Subj : Re: sap/smtp interaction - wcsmtp build 451.7
To : All
From : DAVE GOURD
Date : Thu Jan 31 2019 19:18:36

Date: Sun, 30 Apr 2006 22:45:18 -0400
From: DAVE GOURD
To: HECTOR SANTOS
Subject: Re: sap/smtp interaction - wcsmtp build 451.7
Newsgroups: win.server.smtp.&.avs
Message-ID: <1146451518.46.1146428375@winserver.com>
References: <1146428375.46.1146322326@winserver.com>
X-WcMsg-Attr: Rcvd
X-Mailer: Wildcat! Interactive Net Server v7.0.454.5
Lines: 96

On 4/30/06 4:16 PM, HECTOR SANTOS wrote to DAVE GOURD:

->
-> wrote in message news:1146322326.46.0@winserver.com...
->
-> > When wcsap rejects a msg, does smtp/WINS close the connection
-> > with the client, or can/is the cip/cdn/hdn allowed to
-> > continue to send data to smtp in the same
-> > connection/transaction session? Should that session end at the
-> > time it is rejected?
->
-> In general it is bad practice for the server to "DROP" the connection
-> because the client may not understand and will try again.
->
-> SMTP has five basic commands:
->
-> EHLO or HELO     sender machine name (CDN)
-> MAIL FROM:       sender address (FROM)
-> RCPT TO:         receiver address (TO)
-> DATA:
->    - email is transferred -
-> QUIT or RSET
-> QUIT
->
-> For each command, a server response is provided:
->
-> 250 --> Command ok, continue with next command
-> 50x --> Don't understand the command
-> 45x --> Sorry, don't continue, but you can try again later
-> 55x --> Sorry, don't continue and no need to try again.
->
-> The only way the client can continue from command to command is with a 250
-> server response each time.
->
-> WCSMTP will not drop the connection once a 45x or 55x is sent. It would be bad
-> practice. You are supposed to allow the client to issue the QUIT command and
-> then the socket is closed.
->
-> WCSAP is called at RCPT TO and returns a response to RCPT TO: state to
-> validate all the data up to the point. IP connection address, CDN, FROM and
-> TO.
->
-> There is a 5 minute timer to wait for the client to send the next command. No
-> response, then a DROP is done.
->
-> The client can send a RSET command which allows him to restart the commands
-> again starting with MAIL FROM:.
->
-> What you see many times, especially with bulk spammers is that they ignore
-> all server responses and just continue like it was normal. That is why you
-> see 50x errors because the client is out of sync. He is continuing with the
-> next command but he hasn't satisfied the previous command.
->
-> Hope this helps
->

Yes sir - I understand the 'bad practice' concept. I have never seen this before in all the years running this. Have seen lots and lots of days where there were dozens and dozens of blank entries in some sessions, but never with the spammer being so intent as to go ahead and send the BS anyway after our system politely says we don't want any. Maybe it happens a lot to others, I have just never seen it before; probably wouldn't if I did not watch the smtptrace logs (or even have it active).

I did manage to get the uplines to at least disconnect those IPs from access anyhow! The spammer(s) will probably just go somewhere else though.

Now I just have to figure out what to do about the criminals that are sending spam out spoofing our domain! :( - thousands of false bounces coming in from all over, 2nd time they've joe job'd me this year already! Any suggestions? SPF record is in place (I think I got it set up right now), but that is of little consolation with so many systems out there not in tune to the process. Someone told me to get the FBI or feds involved, and get a lawyer cause might be able to sue the rats, but this sounds like more trouble to me than it (actually they, as in crooked spammers AND crooked lawyers - an honest guy ain't got a chance it seems) would be worth.

Thanks Hector, at least I know my WC isn't broke. Have another question but in another post...
--
D
--- Platinum Xpress/Win/WINServer v3.1
 * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013)
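
The out-of-sync behaviour discussed in this thread (a client that carries on after a 45x/55x at RCPT TO and then draws 50x errors) can be picked out of a session trace mechanically. The following is an added example, not part of the original posts and not Wildcat! code: the "C:"/"S:" trace format, the sample session and the function name are constructed for illustration, and the 220/221/354/503 replies come from standard SMTP rather than from the message above.

```python
COMMANDS = {"EHLO", "HELO", "MAIL", "RCPT", "DATA", "RSET", "QUIT"}
# Constructed trace (hypothetical "C:"/"S:" format, not real wcsmtp log output).
SAMPLE_TRACE = [
    "S: 220 mail.example.net ready",
    "C: HELO bulk.example.org",
    "S: 250 ok",
    "C: MAIL FROM:<a@example.org>",
    "S: 250 ok",
    "C: RCPT TO:<user@example.net>",
    "S: 550 rejected",
    "C: DATA",
    "S: 503 bad sequence of commands",
    "C: Subject: hello",
    "S: 500 command not understood",
    "C: QUIT",
    "S: 221 bye",
]

def find_out_of_sync(trace):
    """Return [(line_no, client_line)] for client lines sent although the
    command they depend on was refused or never accepted."""
    findings = []
    mail_ok, rcpt_ok = False, 0   # MAIL accepted? how many RCPT accepted?
    in_data = False               # True after 354: client lines are body text
    pending = None                # client command still awaiting its reply
    for no, line in enumerate(trace, 1):
        side, _, text = line.partition(": ")
        if side == "S":
            code = int(text[:3])
            if pending == "MAIL":
                mail_ok = code == 250
            elif pending == "RCPT" and code == 250:
                rcpt_ok += 1
            elif pending == "DATA":
                in_data = code == 354
            elif pending in ("RSET", "BODY_END"):
                mail_ok, rcpt_ok = False, 0   # transaction finished or reset
            pending = None
        elif in_data:
            if text == ".":                   # end-of-message marker
                in_data, pending = False, "BODY_END"
        else:
            words = text.split()
            pending = words[0].upper() if words else ""
            if (pending not in COMMANDS
                    or (pending == "RCPT" and not mail_ok)
                    or (pending == "DATA" and rcpt_ok == 0)):
                findings.append((no, text))
    return findings
```

On the sample session it reports the DATA sent after the refused recipient and the message header line the server then saw as an unknown command; a client that answers the 550 with QUIT produces no findings.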