When I'm at home, all outbound mail is relayed through my provider's mail servers, but they certainly don't provide backup MX for my employer - you'd see mail from mail.optusnet.net.au, which is not in the MX list for icorp.com.au...
On Wednesday, August 27, 2003, at 01:04 PM, Dossy wrote:
On 2003.08.26, Chris Davies <[EMAIL PROTECTED]> wrote:
The only problem here is that most of the cable modems out there have valid reverse addresses, and providers don't block outbound port 25 connections allowing spam to flow freely from cable modems that have valid reverse lookups.
I've been thinking this might be a good way to stop mail header forgeries (which most spam falls into the category of) but would annoy a lot of people ...
Upon receipt of mail at the end of the DATA portion of the SMTP transaction, look at the mail envelope (and possibly the From: header) and parse out the domain name that the mail is supposedly sent from.
Then, look up the DNS for that domain name, looking for IN MX records.
If the machine's IP that is on the remote end of the SMTP transaction isn't one of those machines indicated in the MX record, refuse to accept the mail.
Now, spammers could circumvent this by registering a domain and configuring the forward DNS to point to their IP, which is easy to do, but then, they'd be sending out email with a domain that could be traced back to them (as opposed to forging some totally bogus domain in the mail headers). Then, there'd be an easy way to pursue and prosecute spammers ...
With qmail + qmail-scanner, it'd be pretty easy to implement this kind of "mail refusal" -- I already have something set up that hooks SpamAssassin into qmail via qmail-scanner, and if the SpamAssassin score exceeds a threshold, instead of sending a 2.x.x OK it returns a "5.3.0 spam detected" which is a hard bounce. Normally bouncing a spam after it's been accepted is useless -- the bounce message gets sent back to the forged From: address or envelope header which is also likely forged. However, when you refuse mail at the time of the SMTP transaction, the spammer is actually connected to your machine and CAN see the accept/reject of the mail they're trying to deliver to you. If they ever use that information to scrub their lists, eventually you'll get removed and cleaned off.
-- Dossy
-- Dossy Shiobara mail: [EMAIL PROTECTED] Panoptic Computer Network web: http://www.panoptic.com/ "He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on." (p. 70)
-- AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
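The MX check proposed in the quoted message, together with the relay case raised in the reply, as an added example that is not part of the original thread. The domain names, addresses and DNS tables are constructed (reserved example names and documentation ranges), the lookup is done against in-memory tables so it runs offline, and accepting the null sender and falling back to the domain's A record when no MX exists are assumptions of this sketch.

```python
import ipaddress

# Constructed DNS data: reserved example names and documentation addresses.
MX = {"employer.example": ["mx1.employer.example", "mx2.employer.example"]}
A = {
    "mx1.employer.example": ["192.0.2.10"],
    "mx2.employer.example": ["192.0.2.11"],
    "smarthost.isp.example": ["198.51.100.25"],  # ISP outbound relay, not an MX
    "nomx.example": ["203.0.113.5"],             # domain with an A record only
}


def sender_domain(mail_from):
    """Domain of the envelope sender, or None for the null sender <>."""
    addr = mail_from.strip().strip("<>")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].rstrip(".").lower()


def mx_addresses(domain, mx=MX, a=A):
    """IPs of the domain's MX hosts; with no MX, use the domain's own A record."""
    hosts = mx.get(domain) or [domain]
    return {ipaddress.ip_address(ip) for h in hosts for ip in a.get(h, [])}


def check(mail_from, client_ip, mx=MX, a=A):
    """Return (accept, smtp_reply) for the check done at the end of DATA."""
    domain = sender_domain(mail_from)
    if domain is None:
        # Bounces carry an empty envelope sender; there is no domain to look up.
        return True, "250 ok (null sender, nothing to check)"
    allowed = mx_addresses(domain, mx, a)
    if not allowed:
        return False, "550 sender domain %s has no mail exchanger" % domain
    if ipaddress.ip_address(client_ip) in allowed:
        return True, "250 ok"
    return False, "550 %s is not an MX for %s" % (client_ip, domain)


if __name__ == "__main__":
    # Same sender, once from the domain's MX and once via the ISP relay.
    for ip in ("192.0.2.10", "198.51.100.25"):
        print(ip, check("<alice@employer.example>", ip))
```

The second call is the case from the reply: genuine mail relayed through the provider's server is refused because that server is not in the sender domain's MX list.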
