[Mimedefang] Re: Filtering idea for stock pump&dumps
David F. Skoll
dfs at roaringpenguin.com
Tue Jul 3 13:24:36 EDT 2007
Kevin A. McGrail wrote:
> I don't believe things are getting to the DATA phase. This greylisting
> is happening at the RCPT phase and (en)forcing a reset (which is
> probably correct).
No, you misunderstood my posting.
Once the *Exchange* server has accepted an e-mail from its client,
it MUST take the responsibility seriously, including retrying a
reasonable number of times in the event of transient errors.
> 63.216.184.10 [08C0] 11:04:46 <<< MAIL From:<kmcgrail at pccc.com> SIZE=5553
> 63.216.184.10 [08C0] 11:04:49 >>> 250 2.1.0 <kmcgrail at pccc.com>...
> Sender ok
> 63.216.184.10 [08C0] 11:04:49 <<< RCPT To:<abaucom at removed-domain.com>
> 63.216.184.10 [08C0] 11:04:50 >>> 451 4.7.1 Server busy, try again later
> 63.216.184.10 [08C0] 11:04:50 <<< DATA
> 63.216.184.10 [08C0] 11:04:50 >>> 503 5.5.1 Incorrect command sequence
> 63.216.184.10 [08C0] 11:04:50 <<< RSET
> 63.216.184.10 [08C0] 11:04:50 >>> 250 2.0.0 Reset state
Yes; Microsoft has *definitely* reinvented the Novell bug. :-) Their
client state machine proceeds to DATA even if no RCPT commands were
successful. The server's state machine correctly says "503 5.5.1 You're
confused, buddy!".
Post-DATA greylisting should not trigger this bug, unless Microsoft's
code is even worse than I imagine.
Regards,
David.
More information about the MIMEDefang
mailing list