MLUG: Mizzou Linux Users GroupHome | FAQ | Server | Presentations | Mailing Lists/Archives | Member Tools | Links | Sponsors | Contact
MLUG: RE: [MLUG] More spam
RE: [MLUG] More spam
Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 
No, reverse lookup only gives you the record you requested, if it exists.
The reason you can't do what is given below is that it is completely plausible that the mail might go through some sort of relay machine, or be hosted on some sort of virtual mail hosting box. In fact, the current practice of checking for a registered reverse DNS is a violation of some of the RFC's that govern SMTP regulation. Now RFC's are only recommendations about how a protocol should work, but they are carefully thought out in order to ensure compatibility and no following them can cause major problems. It clearly states that SMTP connections from hosts that identify them selves by IP are supposed to be accepted. I can't remember the number off the top of my head, but it was the current RFC that I was looking at. We were looking at it because of some disagreement about how smtp can be filtered. It was pretty interesting. 


Shannon Spurling
WAN Engineer -Specialist

MOREnet, Network Services, Core Network
3212 LeMone Industrial Blvd.
Columbia, MO 65201

Main:(573) 884-7200   Fax:(573)884-6673

EMAIL:PROTECTED
EMAIL:PROTECTED



-----Original Message-----
From: Russell Horn [mailto:EMAIL:PROTECTED]
Sent: Thursday, April 10, 2003 8:09 AM
To: MLUG Members
Subject: RE: [MLUG] More spam


It was just a thought :) As for the reverse DNS, doesn't a reverse lookup
(at least using dig) give you all the DNS entries? Or, how about the
following:
Because you're sending an email from "mail.defenseindepth.net" couldn't you
do a lookup on that account, and if the originating IP address is the same,
accept it? I realize people sometimes use sendmail from a dialup connection,
but they could at that point just as easiliy use the standard smtp servers
of the ISP. Essentially, the thought here is to prevent "spoofing" of a from
field.
Anyway, just a few thoughts.
Jason


2 problems there - my dialup provider won't let me use their smtp server if
I alter the domain I am sending from - i.e. I can't send from albanach.com
via them. Secondly, what about organisations where the mailserver might be
on an internal network with a non routing IP say 10.0.10.1 - you can't do a
lookup on that.

Russell.

p.s. Interestingly, the first time I tried to send this I accidently used my
@snp.org email address. The MLUG mail server responded as follows:

<EMAIL:PROTECTED>: host mlug.missouri.edu[128.206.61.230] said:
553
    5.1.8 <EMAIL:PROTECTED>... Domain of sender address EMAIL:PROTECTED does
    not exist

So something is doing domain checking (though not very well as snp.org does
exist) on MLUG at the moment.


_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members


_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members
Questions? Comments? Feel free to contact MLUG.
DMCA and other copyright information.