Unsolicited Commercial E-mail Policy
Contents
- Overview
- Bogon Filter
- Message Body Filtering
- Data Restrictions
- Client Restrictions
- HELO / EHLO Command Restrictions
- Sender Restrictions
- Recipient Restrictions
- Additional Notes
Overview
Mail servers, client software, or anything else wishing to interface with the Mail System here must conform to the following guidelines. Most of these specifications are RFC requirements, so this system does nothing but enforce them. There was a reason these standards were created, they've been around for a while, and there's no excuse for developers and administrators not following them. The administration of this system is not responsible for mail rejected or permanently lost when others fail to follow this policy.
Bogon Filter
If the IP address of the NS or MX server for the host resolves to any address in the following list, it will not be permitted to interact with the Mail System here. Refer to the following sections for when these restrictions are applied. Each entry in this list gives an address range, in CIDR notation, and the reason why the address will be rejected. If, for some reason, some of these addresses have been released for public use and we haven't noticed, or there are any further questions, please contact the postmaster: postmaster -AT- nixsyspaus -DOT- org
- 208.64.38.0/32: smurf attack
- 208.64.38.255/32: smurf attack
- 0.0.0.0/8: reserved for hosts on "this" network. See RFC3300 and RFC1700
- 10.0.0.0/8: reserved for private use. See RFC1918
- 127.0.0.0/8: reserved for host loopback address. See RFC3300 and RFC1700
- 169.254.0.0/16: reserved for the "link local" block. See RFC3300
- 172.16.0.0/12: reserved for private use. See RFC1918
- 192.0.0.0/24: reserved for IETF protocol assignments
- 192.0.2.0/24: reserved for "test net." See RFC3300
- 192.168.0.0/16: reserved for private use. See RFC1918
- 198.18.0.0/15: reserved for Network Interconnect Device Benchmark Testing
- 198.51.100.0/24: reserved for documentation
- 203.0.113.0/24: reserved for documentation
- 204.152.64.0/23: IANA reserved space
- 224.0.0.0/3: reserved for IPv4 multicast. See RFC3300
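The lookup described above, as an added example (not this site's own configuration or code): each address that a domain's NS or MX hosts resolve to is matched against the list, and the matching range and reason are reported. The function names, the fail-closed handling of unparseable addresses, the IPv4-mapped IPv6 handling and the sample records are assumptions of this example.

```python
import ipaddress

# Bogon list transcribed from the policy above: (CIDR, reason).
BOGONS = [
    ("208.64.38.0/32", "smurf attack"),
    ("208.64.38.255/32", "smurf attack"),
    ("0.0.0.0/8", 'reserved for hosts on "this" network'),
    ("10.0.0.0/8", "reserved for private use"),
    ("127.0.0.0/8", "reserved for host loopback address"),
    ("169.254.0.0/16", 'reserved for the "link local" block'),
    ("172.16.0.0/12", "reserved for private use"),
    ("192.0.0.0/24", "reserved for IETF protocol assignments"),
    ("192.0.2.0/24", 'reserved for "test net."'),
    ("192.168.0.0/16", "reserved for private use"),
    ("198.18.0.0/15", "reserved for Network Interconnect Device Benchmark Testing"),
    ("198.51.100.0/24", "reserved for documentation"),
    ("203.0.113.0/24", "reserved for documentation"),
    ("204.152.64.0/23", "IANA reserved space"),
    ("224.0.0.0/3", "reserved for IPv4 multicast"),
]
_NETS = [(ipaddress.ip_network(cidr), reason) for cidr, reason in BOGONS]

def bogon_reason(addr):
    """Return (cidr, reason) for the first list entry containing addr, else None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        # Assumption of this example: fail closed on garbage from the resolver.
        return ("unparseable", "not a valid IP address")
    if ip.version == 6:
        if ip.ipv4_mapped is None:
            return None  # the policy's list is IPv4-only
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d is judged as a.b.c.d
    for net, reason in _NETS:
        if ip in net:
            return (str(net), reason)
    return None

def check_servers(records):
    """records: {NS/MX hostname: [resolved addresses]}. One bogon hit rejects."""
    hits = [(host, a) + bogon_reason(a)
            for host, addrs in records.items()
            for a in addrs if bogon_reason(a)]
    return ("REJECT", hits) if hits else ("OK", [])

# Constructed sample: an MX pointing into private space, an NS that is fine.
SAMPLE_SERVERS = {"mx1.example.test": ["10.1.2.3"], "ns1.example.test": ["9.9.9.9"]}
```

An administrator whose mail was refused can run their own NS and MX addresses through `check_servers` to see which range triggered the rejection.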
Message Body Filtering
Any message containing an exploit for one of many vulnerabilities in a certain company's poorly written web browser will be rejected. Please read US-CERT Vulnerability Note VU#842160 for more information. Get Firefox.
Data Restrictions
Requests will also be rejected when clients send SMTP commands ahead of time (data pipelining).
Client Restrictions
These restrictions apply to machines sending mail to this system. Clients sending mail to this system will be rejected if:
- the client doesn't have valid forward and reverse DNS entries.
- the client has been denied access to the system for previous abuses.
HELO / EHLO Command Restrictions
These restrictions apply to the hostname specified in the HELO / EHLO command sent from mail servers to this system. Clients are required to send a HELO / EHLO command to begin a mail transfer. Mail will be rejected if:
- no HELO / EHLO command is sent.
- the hostname in the HELO / EHLO command is not in fully-qualified domain form.
- the client sends a HELO / EHLO command with a bad hostname syntax.
- the hostname in the HELO / EHLO command has no DNS A or MX record.
- the hostname in the HELO / EHLO command is part of this system.
- the IP address of the NS or MX server for the host is in the Bogon Filter list.
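An added example (not this system's own code) of the HELO / EHLO checks listed above, applied in order to the name a client announces; the Bogon Filter step is left out here. The DNS lookup is injected as a callable so the example runs offline, and `LOCAL_DOMAINS`, the check order, the reason strings and the sample names are assumptions of this example.

```python
import re

LOCAL_DOMAINS = {"nixsyspaus.org"}  # assumption: names counted as "part of this system"
# One DNS label: letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def check_helo(helo, has_a_or_mx):
    """Return (verdict, reason) for the HELO / EHLO argument.

    has_a_or_mx: callable(hostname) -> bool, standing in for a real DNS query.
    """
    if not helo:
        return ("REJECT", "no HELO / EHLO command sent")
    name = helo.rstrip(".").lower()
    labels = name.split(".")
    if len(name) > 253 or not all(_LABEL.fullmatch(l) for l in labels):
        return ("REJECT", "bad hostname syntax")
    # A single label ("localhost") or a bare IPv4 address is not an FQDN.
    if len(labels) < 2 or labels[-1].isdigit():
        return ("REJECT", "not in fully-qualified domain form")
    # A remote client announcing one of our own names is impersonating us.
    if any(name == d or name.endswith("." + d) for d in LOCAL_DOMAINS):
        return ("REJECT", "hostname is part of this system")
    if not has_a_or_mx(name):
        return ("REJECT", "no DNS A or MX record")
    return ("OK", "")

# Constructed stand-in for DNS: the only name with an A or MX record.
SAMPLE_DNS = {"mail.example.test"}

def sample_lookup(hostname):
    return hostname in SAMPLE_DNS
```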
Sender Restrictions
These rules apply to the address sent by the client machine specifying the origin of the mail. Mail will be refused if:
- the sender has been denied access to the system for previous abuses.
- the sender address is not in fully-qualified domain form.
- the sender mail address has no DNS A or MX record.
- the IP address of the NS or MX server for the host is in the Bogon Filter list.
Recipient Restrictions
These rules apply to the address sent by the client specifying the recipient of the message. Messages will be returned if:
- the resolved destination address or a subdomain thereof doesn't match those on this system.
- the address contains sender-specific routing (user@elsewhere@nixsyspaus.org).
- the final destination is not hosted by this system.
- the address of the recipient is not in fully-qualified domain form.
- the recipient mail address has no DNS A or MX record.
- the IP address of the NS or MX server for the host is in the Bogon Filter list.
Additional Notes
This policy has been published to acknowledge the importance of the RFC requirements with regard to the transfer of mail over the internet. This document may also serve as a reference for system administrators who wish to understand why mail from their systems was rejected by this one. If an administrator feels a site has been unfairly denied access to send mail to this system, the administration of Nixsys PAUS suggests contacting the Postmaster: postmaster -AT- nixsyspaus -DOT- org.
Every effort will be made by the Postmaster to contact the administration of sites that are denied access based on misconfigurations of their DNS settings. This will happen only if those sites are denied multiple times by the UCE restrictions on this system. Mail will still be rejected until the administration of the denied sites fixes their DNS settings. Sites that choose not to mend their broken DNS settings will continue to be denied access to send mail to Nixsys PAUS and possibly be added to the permanent REJECT list.

