Richard Bewley wrote: > Take a look at this > http://slashdot.org/articles/03/09/16/0034210.shtml?tid=126&tid=95&tid=98&tid=99 > > From the looks of it, Verisign is adding a wildcard resolve to an > advertising site, so that any mis-typed domain will resolve to > something. This means, that spammers sending from technically non-existant > domains won't be caught by the SAV. I wonder if we could block that ip > address that the "wildcard" resolves to? > > Anyone have any ideas, or comments?
Not sure how SAV works, but Verislime's SMTP server returns a 550 for rcpt to: assuming it is the third command sent. telnet verisignruined.net 25 220 snubby2-wceast Snubby Mail Rejector Daemon v1.3 ready 1 250 OK 2 250 OK 3 550 User domain does not exist. 250 OK 221 snubby2-wceast Snubby Mail Rejector Daemon v1.3 closing transmission channel telnet verisignruined.net 25 220 snubby4-wceast Snubby Mail Rejector Daemon v1.3 ready rcpt to:<[EMAIL PROTECTED]> 250 OK rcpt to:<[EMAIL PROTECTED]> 250 OK rcpt to:<[EMAIL PROTECTED]> 550 User domain does not exist. 250 OK 221 snubby4-wceast Snubby Mail Rejector Daemon v1.3 closing transmission channel This may be the dumbest thing ever. Note that the first, second, and fourth command get a 250. Also, it will accept a data command if the rcpt to: is not the third command. Further testing needed but sleep needed also. telnet verisignruined.net 25 220 snubby1-wceast Snubby Mail Rejector Daemon v1.3 ready mail from:<[EMAIL PROTECTED]> 250 OK rcpt to:<[EMAIL PROTECTED]> 250 OK data 354 Please start mail input. blah . 250 Mail queued for delivery. 250 OK 221 snubby1-wceast Snubby Mail Rejector Daemon v1.3 closing transmission channel -- Chris Scott Host Orlando, Inc. http://www.hostorlando.com/
