Date:      Thu, 24 Jul 1997 16:21:00 -0700 (MST)
From:      Terry Lambert <terry@lambert.org>
To:        jas@flyingfox.com (Jim Shankland)
Cc:        Anthony.Kimball@East.Sun.COM, terry@lambert.org, current@FreeBSD.ORG
Subject:   Re: (over)zealous mail bouncing
Message-ID:  <199707242321.QAA18495@phaeton.artisoft.com>
In-Reply-To: <199707242238.PAA14165@biggusdiskus.flyingfox.com> from "Jim Shankland" at Jul 24, 97 03:38:46 pm

> > I have to warn you that several mail server products of which I'm
> > aware actually verify via getpeername/gethostbyaddr (RARP), and
> > will reject your host anyway.
> 
> RARP?  Or was that just a belch in mid-sentence :-)?

Reverse Address Resolution Protocol.  When someone connects to me,
I can always get the IP address they are connecting from.  Using
RARP, I can turn the address into a machine name, and compare it
with what you tell me on the "HELO" and "MAIL FROM:" lines.

The newest spammer hack for this is "configure your DNS to lie, too".

The good thing about this particular hack is that hacking your
DNS this way is prosecutable under interstate wire fraud statutes.

You can also get the name, and look it up again to see if you get
the same address.

This screws up the ability to use DNS rotors on heavily loaded mail
servers, though, so it's a pain.

A partial fix is to ensure that the servers are in the same address
group, and apply the appropriate subnet mask before comparing them.

This has the unfortunate side effect of not letting you put the
servers at different sites.

To combat that, you need to designate very low priority mail
exchangers in the net, and compare the machine net with the
mail exchanger listings (after masking the address).

Alternately, your machine must have an MX record in DNS per IP
alias or address from which it might originate traffic (or prefer
a particular IP alias or source address).


Given all these contortions in combination, you have an
effective anti-SPAM net, where it's possible to block access
by particular source hosts without interrupting normal, desirable
communications.

This assumes that the DNS for a machine originating a mail
connection is reachable -- an easy thing to ensure if each
originating ("smarter") host is itself a secondary.


Ideally, SPAM would be covered under "Junk FAX" laws, and none of
this would be necessary because it would be uneconomical to send
it to anyone who didn't want it.



> Seems like it would be nice for those implementing such a policy to
> allow chopping of subdomain prefixes; e.g., if getpeername/gethostbyaddr
> return foo.bar.acme.com, and the envelope sender is joebob@acme.com,
> then it's OK.  Or is that too loose?

That's too loose, for a large number of reasons.  The primary one
is the program "mailbomber" sold by Cyber Promotions, Inc.


And actually, since Jordan brought up the idea of anti-SPAMming the
lists, it's not very off topic at all.


					Regards,
					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
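
The checks described in the message above (reverse-map the peer address, compare the name with HELO, re-resolve the name and require the address to come back, with a subnet mask to tolerate DNS rotors, then compare against the sender domain's MX listings), as an added example that is not part of the original thread. The DNS tables are constructed stand-ins for real PTR/A/MX lookups, and the `/24` prefix is an assumed "address group" size.

```python
import ipaddress

# Constructed DNS data standing in for real PTR/A/MX lookups (example only).
PTR = {
    "192.0.2.10": "mx1.example.net",
    "192.0.2.11": "mx2.example.net",   # rotor member: forward A differs
    "203.0.113.7": "mx1.example.net",  # lying reverse zone: forward A disagrees
}
A = {"mx1.example.net": ["192.0.2.10"], "mx2.example.net": ["192.0.2.20"]}
MX = {"example.net": ["mx1.example.net", "mx2.example.net"]}


def check_peer(peer_ip, helo, mail_from, prefix=24):
    """Return (accepted, reason) for a connecting SMTP peer.

    prefix is the assumed subnet mask applied before comparing addresses,
    so a DNS rotor whose members share one address group still passes.
    """
    name = PTR.get(peer_ip)
    if name is None:
        return False, "no reverse mapping for %s" % peer_ip
    if name.lower() != helo.lower():
        return False, "HELO %s does not match reverse name %s" % (helo, name)
    net = ipaddress.ip_network("%s/%d" % (peer_ip, prefix), strict=False)
    # Forward-confirm: the name must resolve back to the peer, or at least
    # into the peer's masked address group.
    forward = A.get(name, [])
    if peer_ip not in forward and not any(
        ipaddress.ip_address(a) in net for a in forward
    ):
        return False, "%s does not resolve back to %s" % (name, peer_ip)
    # The envelope sender's domain must list an MX in the same address group.
    domain = mail_from.rsplit("@", 1)[-1].lower()
    mx_addrs = [a for mx in MX.get(domain, []) for a in A.get(mx, [])]
    if not any(ipaddress.ip_address(a) in net for a in mx_addrs):
        return False, "no MX for %s inside %s" % (domain, net)
    return True, "ok"
```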



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199707242321.QAA18495>