
Re: [leafnode-list] Message IDs



Nathan Friess <natmanz@xxxxxxx> writes:

> Hello.
>
> I use leafnode for my small LAN to read and post messages to a few groups.
> Recently I have found that I'm receiving a growing amount of spam sent to my
> mail server because of my postings.  It seems that spammers are reading the
> Message ID field that leafnode is inserting and sending mail to it, as if
> it's an email address.  Of course, such emails don't exist and the server
> attempts to bounce them, but the emails end up double-bouncing back to me
> (as you can guess, the from contains a bad email).  Although this poses very
> little threat to me, it would be nice to be able to filter such emails so
> that I can reject them before they are even attempted to be delivered.
>
> I run qmail, so this would be easy if the IDs started with some common
> string.  I noticed that leafnode always adds 'ln' just before the @ sign.
> If instead, message IDs were in the form 'ln-[id]@host' qmail could be
> easily configured for this.

qmail-smtpd is broken by design, in that it accepts mail for
non-existent local users and defers the bounce -- and this can be used
to form a bandwidth multiplication attack or send mail to innocent third
parties and is thus a violation of security principles, as Sam
Varshavchik (Courier MTA author) has repeatedly pointed out.

> I know that I could easily modify the code in nntpd.c which makes the id,
> but I'm wondering if this would somehow break the whole concept of the
> Message ID.  What does the Message ID mean?  Can I just change the format
> without breaking leafnode or the whole world's NNTP servers?

Don't tamper with the Message-ID.

Fix qmail-smtpd or find someone who does (I won't fix that one, there
are too many loose ends in qmail, but I recommend switching to a better
MTA instead, for more qmail bugs, see
http://mandree.home.pages.de/qmail-bugs.html#delayedbounce -- not to be
discussed on *this* list though).

> If what I'm thinking is possible, I would suggest that the format be changed
> so that other qmail users can easily handle this problem.

I will not change leafnode to work around an MTA's security design
flaws. Dan J. Bernstein has raised the security flag and written qmail on
it, bug him to fix qmail-smtpd if people tamper with your qmail
installation, but don't hope too much. Maybe search the qmail mailing
list archive and if that is to no avail, ask some kind person on the
qmail mailing list for a patch to the problem you are observing.

I will not accept changes to leafnode towards that goal.

Sorry.

> I'm not sure if changing the format would help or hinder sendmail (or
> other) users, but that should be taken into consideration too.

The address extension delimiter in qmail is configurable at build-time
(see the conf-* files).

-- 
Matthias Andree

-- 
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list