On 2003-12-21 10:34:17 -0500, Guillaume Filion wrote:
> Le 03-12-21, � 08:43, John Peacock a �crit :
> >Peter J. Holzer wrote:
> >>Suppose a spammer registers a domain spammers-r.us, adds these DNS
> >>records:
> >>spammers-r.us MX 10 mail.spammers-r.us
> >>mail.spammers-r.us A 127.0.0.1
> >
> >This is exactly what I have already seen at least once with a
> >mainsleaze spammer. I can't find my notes, so I cannot confirm this,
> >but I do remember that it caused my MTA issues (basically mailbombed
> >itself trying to bounce a message).
> >
> >It would be wise to try and program with this evil behavior in mind...
>
> I agree, but there would be a lot of subnets to include, because
> spammers could use localhost (120.0.0.0/8), private addresses
127
> (10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12)Yes. Plus the link-local net (169.254.0.0/16) and multicast addresses (224.0.0.0/4). These are guaranteed not to be reachable over the public internet. > and any of the IANA reserved subnets (a lot! > http://www.iana.org/assignments/ipv4-address-space) Only if you are prepared to track any changes in the list. I'd expect to hand out IANA these reserved subnets over time. > It might be simpler to make an SMTP connection to the MX RR of the > sender's domain, and maibe even do a MAIL FROM: <>, RCPT TO: > $senderAddress to do a simple address check. There's a good chance you have configured 127.0.0.1 as relayclient, in which case that check would actually return that the address exists. hp -- _ | Peter J. Holzer | In this vale |_|_) | Sysadmin WSR | Of toil and sin | | | [EMAIL PROTECTED] | Your head grows bald __/ | http://www.hjp.at/ | But not your chin. -- Burma Shave
pgp00000.pgp
Description: PGP signature
