Yes Scott I allowed recursion for a short time, but len conrad reminded me why we implemented it -DOS attacks. Here is the syslog from a test attempt:
20021205 080921 127.0.0.1 SMTPD (000601F4) [209.55.118.2] connect 209.55.118.2 port 3477 20021205 080955 127.0.0.1 SMTP (2512) d:\IMAIL\spool\Q0d1f78609a8.GSC 20021205 080955 127.0.0.1 SMTP (2512) processing d:\IMAIL\spool\Q0d1f78609a8.GSC 20021205 080956 127.0.0.1 SMTP (2512) Trying hotmail.com (0) 20021205 081019 127.0.0.1 SMTP (2512) MX connect fail "64.4.50.71" 20021205 081021 127.0.0.1 SMTPD (002301F8) [209.55.118.2] connect 209.55.118.2 port 3502 20021205 081042 127.0.0.1 SMTP (2512) MX connect fail "64.4.50.7" 20021205 081105 127.0.0.1 SMTP (2512) MX connect fail "64.4.49.199" 20021205 081122 127.0.0.1 SMTPD (0045023A) [209.55.118.2] connect 209.55.118.2 port 3508 20021205 081128 127.0.0.1 SMTP (2512) MX connect fail "64.4.49.135" 20021205 081151 127.0.0.1 SMTP (2512) MX connect fail "64.4.49.71" 20021205 081214 127.0.0.1 SMTP (2512) MX connect fail "64.4.49.7" Note: before this test I flushed the dns cache, and apparently I am getting stale info.??? >From the server, tried to telnet to "open 65.54.254.129" "open 64.4.29.24" with no success. J.J. Beatrice, President Commandline Media, LLC http://www.commandlinemedia.com/ 877-306-8777 TF California 310-306-8777 T 310-306-0887 F Ohio 440-684-0483 T/F -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Len Conrad Sent: Thursday, December 05, 2002 7:41 AM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] hotmail rejection??? >It was my understanding that if I allow recursion, then I might as well >allow malicious attackers to check my location for domains unrestricted recursion opens you 1. to DoS attacks where the attacker spoof the UDP source addrsss (can't trace him) and sends you 1000's of queries per minute for real/bogus domains that send your DNS off to Internet to find the answers. The cache builds up, memory used. 2. an attacker can trigger your DNS to query his NS which could return extranesous and/or erroneous records in the Additional section, poisoning your cache. So you want to restrict recursion and zone transfer tightly. >, etc. Is this >a correct assessment? The way I understand recursion, it is for >outsiders to check entries for anybody to query your DNS for any domain >, and Not, for our DNS server to check others. your DNS, as recursive, will query other DNS's. here is the authoritative list of hotmail MX ip's: Mgw1# dig @NS1.hotmail.com. hotmail.com mx ; <<>> DiG 8.3 <<>> @NS1.hotmail.com. hotmail.com mx ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6 ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 14 ;; QUERY SECTION: ;; hotmail.com, type = MX, class = IN ;; ANSWER SECTION: hotmail.com. 1H IN MX 5 mx1.hotmail.com. hotmail.com. 1H IN MX 5 mx2.hotmail.com. hotmail.com. 1H IN MX 5 mx3.hotmail.com. hotmail.com. 1H IN MX 5 mx4.hotmail.com. ;; AUTHORITY SECTION: hotmail.com. 1H IN NS ns1.hotmail.com. hotmail.com. 1H IN NS ns2.hotmail.com. hotmail.com. 1H IN NS ns3.hotmail.com. hotmail.com. 1H IN NS ns4.hotmail.com. ;; ADDITIONAL SECTION: mx1.hotmail.com. 1H IN A 65.54.254.129 mx1.hotmail.com. 1H IN A 65.54.252.99 mx1.hotmail.com. 1H IN A 65.54.166.99 mx2.hotmail.com. 1H IN A 65.54.254.145 mx2.hotmail.com. 1H IN A 65.54.252.230 mx2.hotmail.com. 1H IN A 65.54.166.230 mx3.hotmail.com. 1H IN A 65.54.254.140 mx3.hotmail.com. 1H IN A 65.54.253.99 mx4.hotmail.com. 1H IN A 65.54.254.151 mx4.hotmail.com. 1H IN A 65.54.253.230 ns1.hotmail.com. 1H IN A 216.200.206.140 ns2.hotmail.com. 1H IN A 216.200.206.139 ns3.hotmail.com. 1H IN A 209.185.130.68 ns4.hotmail.com. 1H IN A 64.4.29.24 are those the ip's your Imail is trying to send to? can you telnet to port 25 of those ip's and get an SMTP banner? Len To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
