headers
Chris Croome | 5 Jun 15:06
Picon
Favicon

[BUG] CheckUser.pm usage results in MKDoc sites being blackholed

Hi

One MKDoc server keeps getting listed on the CBL email spam list:

  http://cbl.abuseat.org/

And I think I have tracked this down to the use of Mail::CheckUser in
flo/plugin/Account/Subscribe.pm -- this is what the CBL says:

  The Perl CheckUser module defaults to improper "HELO" and "MAIL FROM"
  strings: "localhost.localdomain" and "check@..." respectively.
  The former is illegal, the latter impersonates user.com - they
  probably don't like that. [Besides, by not using your own domain, some
  spam filters will lie to your RCPT TO.]

  You will need to change $Helo_Domain = to be "<DNS name of your
  server>" and change $Sender_Addr to be something in _your_ domain (eg:
  "check@<mydomain>")

  http://cbl.abuseat.org/linuxnonserver.html

And if you run ethereal and capture the helo MKDoc does indeed use the
default of localhost.localdomain and the default email address of
check@... so I think this solves this mystery...

All that is needed now is for Subscribe.pm to be fixed so that it uses
the MKdoc public domain for the helo and the admin email address for the
check.

Chris

--

-- 
Chris Croome                               <chris@...>
web design                             http://www.webarchitects.co.uk/ 
web content management                               http://mkdoc.com/
Permalink | Reply |

Gmane