[Mimedefang] MessageID anti-impersonation function for sub filter()

Cormack, Ken kcormack at acs.roadway.com
Wed May 26 09:29:43 EDT 2004


> 1. Are you sure it actually came in with that Message-ID?  Sendmail
> adds one if there is not one present and the added one will of course
> have your host's name in it.  I forget whether it has been added
> already at milter stage.

Yes, I'm sure.  It actually contained <random_string at recipient@domain>

Regarding the adding of a MessageID where none is present, rfc2822 does
state that it should already have one.  I realize it also says that if a
message arrives without one, that one should be added.  However, since this
system is an external relay host, with no "local submissions" occurring, it
can be asserted that a message can be held accountable to rfc2822's first
assertion that one should exist.  No legitimate MTA that I'm aware of omits
the MessageID.

> 2. If a host generated Message-IDs with the name of the recipient
> domain in them, does that violate any standard?  I agree that it
> looks spammy, and SpamAssassin scores for this, but I am not sure
> mail should be rejected as a general rule.

We've been outright rejecting such mail for a year, averaging 3 or 4 dozen a
day between both servers, with zero complaints based on missing MessageID
rejections.

> 3. Some client software does not create Message-ID and relies on the
> smtp server to generate it.  This includes both PC mail clients and
> also some PC products that generate mail from databases.  A host that
> acts as smtp server needs to recognize any such permitted use-- perhaps
> by IP address or by detecting use of smtp auth.

We have no internal clients connecting directly to this system.  Our clients
talk to Exchange, which then, through IMS and an internal wildcard SMTP relay,
hands off outbound traffic to The 'Net.  We screen for inbound connects
from clients in many ways, and do not, as a policy, allow connections
directly from MUAs.  Thus, we do not run POP3, IMAP, or other client
protocols.  Ergo, since everything comes via SMTP, we assume it comes from
an SMTP MTA server of one sort or another.  Ergo, it should already have a
MessageID.

Ken
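
An added example, not the function posted in this thread and not MIMEDefang's own code: a standalone Perl version of the policy discussed above, rejecting a missing Message-ID or one whose domain part is a recipient's domain, with an exemption for permitted submitters. The function names, the trusted flag and the sample headers are assumptions constructed for illustration; how the headers and recipients reach it from a filter is not shown.

```perl
use strict;
use warnings;

# Return the Message-ID value from a raw header block, or undef if absent.
# Folded continuation lines are unfolded first (RFC 2822 section 2.2.3).
sub message_id {
    my ($raw) = @_;
    (my $hdrs = $raw) =~ s/\r?\n[ \t]+/ /g;
    return $hdrs =~ /^Message-ID:[ \t]*(.*?)[ \t]*\r?$/mi ? $1 : undef;
}

# Lowercased domain after the last "@", ignoring a closing angle bracket.
sub domain_of {
    my ($addr) = @_;
    return $addr =~ /\@([^\@<>\s]+)>?\s*$/ ? lc($1) : undef;
}

# Verdict for one message arriving at an external relay (hypothetical helper).
#   $raw      raw header block as received
#   $rcpts    array ref of envelope recipients
#   $trusted  true for a permitted submitter (known IP or SMTP AUTH)
#             that may rely on the server to add the Message-ID
sub check_message_id {
    my ($raw, $rcpts, $trusted) = @_;
    return ('accept', 'permitted submitter') if $trusted;
    my $mid = message_id($raw);
    return ('reject', 'missing Message-ID')
        unless defined($mid) && length($mid);
    my $id_right = domain_of($mid);
    return ('reject', 'malformed Message-ID') unless defined $id_right;
    for my $rcpt (@$rcpts) {
        my $dom = domain_of($rcpt);
        return ('reject', "Message-ID uses recipient domain $dom")
            if defined($dom) && $id_right eq $dom;
    }
    return ('accept', 'ok');
}

# Constructed samples: [ header block, trusted flag ].
my @samples = (
    [ "From: a\@example.net\nMessage-ID: <abc123\@mail.example.net>\n", 0 ],
    [ "From: b\@example.net\nMessage-ID:\n <xk29q\@example.org>\n",     0 ],
    [ "From: c\@example.net\nSubject: hi\n",                            0 ],
    [ "From: pc\@example.org\nSubject: report\n",                       1 ],
);
for my $s (@samples) {
    my ($verdict, $why) = check_message_id($s->[0], ['user@example.org'], $s->[1]);
    print "$verdict: $why\n";
}
```

The comparison is an exact, case-insensitive match on the domain; a Message-ID naming a host under the recipient domain is not caught by this version.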


