[conspire] (forw) [sorbs.net #212641] [Webform] SORBS registration systems sends RFC-ignorant mail

Rick Moen rick at linuxmafia.com
Sun Oct 26 11:31:20 PDT 2008


I've been aware for a long time that being an anti-spam person can lead
one eventually to be a trigger-happy nut:  Regardless of whether Sullivan
is correct about proper uses of the null sender "<>", he is not correct
about (quoted) mail originating at "From: devnull at sorbs.net", a
non-deliverable sender -- and _that_ is the main, characteristic sin of
CGI script developers whose scripts generate outgoing mail.

You'll note Sullivan's statement that SORBS also considers MTA callbacks /
callouts an "abusing DDoS tool" regardless of how implemented (e.g., my
system that caches and reuses callout test results), and blocklists the
hosts that use it.  Oh well, so be it:  Can't make everyone happy.

(linuxmafia.com is not currently blocklisted by anyone.  I was just
trying to sign up at the SORBS Web site so I could check SORBS
reporting.)

----- Forwarded message from "SORBS Support (Matthew Sullivan)" <general at support.sorbs.net> -----

From: "SORBS Support (Matthew Sullivan)" <general at support.sorbs.net>
Reply-To: general at support.sorbs.net
To: rick at linuxmafia.com
Date: Sun, 26 Oct 2008 08:40:03 +1100
Subject: [sorbs.net #212641] [Webform] SORBS registration systems sends RFC-ignorant mail 

On Fri Oct 10 05:56:15 2008, rick at linuxmafia.com wrote:
> Gentlemen, I just tried to register user "rickmoen", and duly
>    submitted the required Web form.  Your system then attempted to
>    send mail with information required to complete registration to my
>    address, rick at linuxmafia.com.  My MTA correctly refused that
>    scripted mail, for reasons entered into my logfiles:
> 
> 2008-10-09 12:28:56 1Ko1Br-0007vM-H6 H=anaconda.sorbs.net [203.15.51.135]:50554
>    I=[198.144.195.186]:25 F=<> rejected after DATA: Sender callback
>    verification failed for header From: sender SORBS Registration Server
>    <devnull at sorbs.net>: there is no valid sender in any header line
> Envelope-from: <>
> Envelope-to: <rick at linuxmafia.com>
> P Received: from anaconda.sorbs.net ([203.15.51.135]:50554)
>         by linuxmafia.com with esmtp   (Exim 4.61 #1 (EximConfig 2.0))
>         id 1Ko1Br-0007vM-H6
>         for <rick at linuxmafia.com>; Thu, 09 Oct 2008 12:28:51 -0700
> P Received: from registration.stealth.sorbs.net (spamhaus.kd1.tisf.net [64.124.52.228])
>         by anaconda.sorbs.net (Postfix) with ESMTP id C10DE2E072
>         for <rick at linuxmafia.com>; Fri, 10 Oct 2008 05:28:46 +1000 (EST)
> T To: Rick Moen <rick at linuxmafia.com>
> F From: SORBS Registration Server <devnull at sorbs.net>
>   Subject: Registration Confirmation
>   X-Originating-IP: 64.186.171.234
>   X-Sent-Via: 64.186.171.234
> I Message-Id: <20081009192846.C10DE2E072 at anaconda.sorbs.net>
>   Date: Fri, 10 Oct 2008 05:28:46 +1000 (EST)
>   X-Virus-Scanned: ClamAV 0.92/8399/Thu Oct  9 22:27:14 2008 on anaconda.sorbs.net
>   X-Virus-Status: Clean
> 
> 
> Fellahs, if you're going to write a script to send mail, the least you
>    should do is make it originate that mail from a valid address, and
>    not from the null sender.  The null sender is fine for DSNs, but
>    not for anything else.  Basically, your programmer got lazy.  You
>    could have originated it from postmaster at sorbs.net, for example, or
>    basically any theoretically deliverable, valid address.


Try reading the RFCs; you might understand them.

The NULL sender (<>) is used where there is no expected or desired
response.  It is not just for DSNs; it's also used for mailing list
sign-ups where the mail administrator wishes to avoid mailing loops.


> Worse, having now whitelisted your domain and thus exempted it from
>    callbacks, there appears to be no way to convince your registration
>    system to re-send the confirmation mail:  Attempting to get it to
>    do that fails silently.


Callbacks will result in blocking from the SORBS servers; they are (and
have been proven to be) an abusing DDoS tool.


> I'd still like to register user "rickmoen", by the way.  Any chance of
>    doing that, or do I have to invent a second username just to deal
>    with your broken mail script?


The system will automatically send an email reminder within 7 days of
the original message.

Regards,

M

(The programmer of the script)


----- End forwarded message -----
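
Added example, not part of the original post and not the poster's Exim configuration: a header-sender check backed by a result cache, so that repeated mail from one sender costs a single verification probe and the reject reason matches the one in the quoted log. The probe function, the cache lifetimes and the addresses are assumptions made for the example.

```python
import time
from email import message_from_string
from email.utils import getaddresses

class CalloutCache:
    """Remembers verification results so each address is probed once per TTL."""
    def __init__(self, probe, ttl_ok=7 * 86400, ttl_fail=2 * 3600, clock=time.time):
        self.probe = probe      # callable(address) -> bool; stands in for the SMTP callout
        self.ttl_ok, self.ttl_fail = ttl_ok, ttl_fail   # assumed lifetimes, in seconds
        self.clock = clock
        self.entries = {}       # address -> (deliverable, expires_at)
        self.probes_sent = 0

    def deliverable(self, address):
        address = address.strip().lower()
        now = self.clock()
        hit = self.entries.get(address)
        if hit and hit[1] > now:
            return hit[0]       # cached answer: no traffic to the sender's MX
        self.probes_sent += 1
        ok = bool(self.probe(address))
        self.entries[address] = (ok, now + (self.ttl_ok if ok else self.ttl_fail))
        return ok

def verify_header_sender(raw_message, cache):
    """Accept if any address in Sender:, Reply-To: or From: verifies."""
    msg = message_from_string(raw_message)
    values = [v for name in ("Sender", "Reply-To", "From") for v in msg.get_all(name, [])]
    for _, addr in getaddresses(values):
        if "@" in addr and cache.deliverable(addr):
            return True, "verified " + addr
    return False, "there is no valid sender in any header line"

# Constructed sample message; the addresses are placeholders, not the ones in the log.
SAMPLE = (
    "From: Registration Server <devnull@sender.example>\n"
    "To: New User <user@receiver.example>\n"
    "Subject: Registration Confirmation\n"
    "\n"
    "Please confirm your registration.\n"
)

def fake_probe(address):
    # Hypothetical stand-in: pretend only postmaster@ is deliverable at the sender.
    return address == "postmaster@sender.example"

if __name__ == "__main__":
    cache = CalloutCache(fake_probe)
    for _ in range(3):
        print(verify_header_sender(SAMPLE, cache), "probes so far:", cache.probes_sent)
```

The negative result is cached for a shorter time than the positive one so that a sender who fixes the address is not rejected for long.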