 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
20 messages in net.sourceforge.lists.courier-usersRe: [courier-users] Dial back user ve...| From | Sent On | Attachments |
|---|---|---|
| Gordon Messmer | Jul 14, 2003 12:34 pm | |
| James A Baker | Jul 14, 2003 1:17 pm | |
| Gordon Messmer | Jul 14, 2003 5:01 pm | |
| James A Baker | Jul 15, 2003 6:10 am | |
| Gordon Messmer | Jul 15, 2003 3:51 pm | |
| Gordon Messmer | Jul 21, 2003 12:29 pm | |
| Johannes Erdfelt | Jul 21, 2003 2:17 pm | |
| Gordon Messmer | Jul 21, 2003 3:24 pm | |
| Jerry Amundson | Jul 25, 2003 9:46 am | |
| Gordon Messmer | Jul 25, 2003 11:41 am | |
| Mitch (WebCob) | Jul 25, 2003 1:20 pm | |
| Gordon Messmer | Aug 5, 2003 3:40 pm | |
| Gordon Messmer | Aug 7, 2003 2:54 pm | |
| Jerry Amundson | Aug 8, 2003 9:56 am | |
| Gordon Messmer | Aug 8, 2003 10:21 am | |
| Mitch (WebCob) | Aug 8, 2003 11:18 am | |
| Jerry Amundson | Aug 8, 2003 12:37 pm | |
| Jerry Amundson | Aug 8, 2003 7:57 pm | |
| Jon Nelson | Aug 8, 2003 8:32 pm | |
| Jon Nelson | Aug 8, 2003 8:56 pm |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: [courier-users] Dial back user verification | Actions... |
|---|---|---|
| From: | James A Baker (blam...@bellsouth.net) | |
| Date: | Jul 14, 2003 1:17:53 pm | |
| List: | net.sourceforge.lists.courier-users | |
On Monday, Jul 14, 2003, at 14:34 US/Central, Gordon Messmer wrote:
I've begun testing a Courier filter that implements dial-back address authentication, and I'd like to offer it for testing and discussion. It can be found here:
http://phantom.dragonsdawn.net/~gordon/courier-patches/courier- pythonfilter/
[...]
I'd like to run this on a couple of servers and see if it does any good at all. Some of the most abused servers will give a positive response to any address they're asked about (with either VRFY or RCPT commands).
I'd love to help test this, but I don't use Courier's SMTP service. (I use Postfix instead I'm afraid.) But I'm glad to see filters being written anyway. =)
However, I do wonder about it's usefulness. This is meant as an anti-spam measure, right?
Wouldn't most addresses (even spammer ones) be valid at the host they *claim* to be from? -- Either they set up a valid address long enough to send out the mails, or they don't care about direct replies and they can hijack an address (not the account itself, but just *use* the address in headers and SMTP commands) from some other domain ... *any* address from *any* domain ... Yes?
Of course, that's not to say they all do use valid addresses, which might mean you could catch some. But it's certainly not going to be a very effective measure (at least I don't see how anyway) once they learn that it's being used (and give *any* thought at all as to circumventing it).
Or maybe I just don't understand exactly what you're doing. That's always possible too. :-)
Are there any services that will give different responses to those two commands?
Anyway, as for RCPT vs. VRFY responses... You know some servers reject VRFY out of hand to cut down on address harvesting, right? (It can't stop it of course, but it helps somewhat so long as harvesters prefer using the VRFY command.) So those servers will obviously give differing responses to RCPT than to VRFY.
-jab