Unregistered domains are sometimes resolving, and sometimes not. I wonder if it's because not all the root servers have updated with this new policy yet? But, some domains, like *.cc have wildcards already, so the SAV doesn't catch them.
220 hermes.friend.ly.net - ESMTP - Postfix helo rb-web.friend.ly.net 250 hermes.friend.ly.net mail from: <[EMAIL PROTECTED]> 250 Ok rcpt to: <[EMAIL PROTECTED]> 250 Ok data 354 Please start mail input. It would be nice if we could ban anything coming from what the wildcards resolve to, but that would only ban the server it came from, not what it used for mail from... Richard At 11:11 PM 9/15/2003 -0400, you wrote: >Richard Bewley wrote: > > > Take a look at this > > > http://slashdot.org/articles/03/09/16/0034210.shtml?tid=126&tid=95&tid=98&tid=99 > > > > From the looks of it, Verisign is adding a wildcard resolve to an > > advertising site, so that any mis-typed domain will resolve to > > something. This means, that spammers sending from technically > non-existant > > domains won't be caught by the SAV. I wonder if we could block that ip > > address that the "wildcard" resolves to? > > > > Anyone have any ideas, or comments? > >Not sure how SAV works, but Verislime's SMTP server returns a 550 for rcpt >to: assuming it is the third command sent. > >telnet verisignruined.net 25 >220 snubby2-wceast Snubby Mail Rejector Daemon v1.3 ready >1 >250 OK >2 >250 OK >3 >550 User domain does not exist. > >250 OK > >221 snubby2-wceast Snubby Mail Rejector Daemon v1.3 closing transmission >channel > > >telnet verisignruined.net 25 >220 snubby4-wceast Snubby Mail Rejector Daemon v1.3 ready >rcpt to:<[EMAIL PROTECTED]> >250 OK >rcpt to:<[EMAIL PROTECTED]> >250 OK >rcpt to:<[EMAIL PROTECTED]> >550 User domain does not exist. > >250 OK > >221 snubby4-wceast Snubby Mail Rejector Daemon v1.3 closing transmission >channel > >This may be the dumbest thing ever. Note that the first, second, and fourth >command get a 250. Also, it will accept a data command if the rcpt to: is >not the third command. Further testing needed but sleep needed also. > >telnet verisignruined.net 25 >220 snubby1-wceast Snubby Mail Rejector Daemon v1.3 ready >mail from:<[EMAIL PROTECTED]> >250 OK >rcpt to:<[EMAIL PROTECTED]> >250 OK >data >354 Please start mail input. >blah >. >250 Mail queued for delivery. > >250 OK > >221 snubby1-wceast Snubby Mail Rejector Daemon v1.3 closing transmission >channel > >-- >Chris Scott >Host Orlando, Inc. >http://www.hostorlando.com/ > > > >--- >[This E-mail scanned for viruses by friend.ly.net.] --- [This E-mail scanned for viruses by friend.ly.net.]
