[Mimedefang] Soliciting opinions on filtering based on bad MX records

David F. Skoll dfs at roaringpenguin.com
Thu Sep 11 16:42:00 EDT 2003


On Thu, 11 Sep 2003, Michael Sims wrote:

> I've created a new sub called "domainOfSenderHasBorkedDns" (yeah, I know how
> cumbersome that is :) ), which I call in filter_sender.  It accepts a sender
> address and returns true if the domain of the address has a "bogus MX
> record".  I define a bogus MX record as one that points to a non-routable
> address, whether this is 0.0.0.0, or a loopback address, or a reserved IP
> address.

You should also check for multicast addresses (224.x.x.x, and up, I believe).

> (1) Retrieve the MX record for the sender domain.  If it doesn't exist, I
> retrieve all A records for the sender domain.  If they don't exist, I return
> false.

Sendmail should have rejected it at that point, unless you have
accept_unresolvable_domains on.

> (2) If the MX record exists, I test it to see if it's in the format of an IP
> address.

It shouldn't be; according to the RFCs, an MX record must be a host name,
not an IP address.

> (3) If the MX record is a hostname, I retrieve the A records for it.

One wrinkle:  The MX record could point to a CNAME.  That's considered
rude, but it does happen.  Furthermore, a malicious spammer could make
a CNAME loop, which would make a naive testing routine fail badly.

I'd be interested to know how much mail this test would stop.  My gut feeling
is not much.

Regards,

David.
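
The checks discussed in this message, sketched in Perl as an added example; it is not part of the original post and is not Michael's sub or MIMEDefang code. The `$lookup` callback, the in-memory `%ZONE` table, the 8-hop CNAME cap and the "any bogus address" policy are assumptions; a real filter would back `$lookup` with DNS queries.

```perl
use strict;
use warnings;

# Non-routable IPv4: 0/8, RFC 1918 private, loopback, link-local, and
# 224.0.0.0 upward (multicast and reserved). Malformed input counts as bogus.
sub is_bogus_ip {
    my @o = $_[0] =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ or return 1;
    return 1 if grep { $_ > 255 } @o;
    return ( $o[0] == 0 || $o[0] == 10 || $o[0] == 127 || $o[0] >= 224
          || ($o[0] == 169 && $o[1] == 254) || ($o[0] == 192 && $o[1] == 168)
          || ($o[0] == 172 && $o[1] >= 16 && $o[1] <= 31) ) ? 1 : 0;
}

# Follow CNAMEs to A records; %seen and an 8-hop cap (assumed) stop CNAME loops.
sub addresses_for {
    my ($lookup, $name, %seen) = @_;
    for (1 .. 8) {
        return () if $seen{ lc $name }++;            # loop: no addresses
        my ($cname) = $lookup->($name, 'CNAME');
        return $lookup->($name, 'A') unless defined $cname;
        $name = $cname;
    }
    return ();                                       # chain too long
}

# True if any MX target (or, with no MX, the domain itself) resolves to a
# non-routable address. "Any" rather than "all" is an assumption.
sub domain_has_bogus_mx {
    my ($lookup, $domain) = @_;
    my @targets = $lookup->($domain, 'MX');
    @targets = ($domain) unless @targets;
    for my $t (@targets) {
        my @ips = $t =~ /^\d+(?:\.\d+){3}$/ ? ($t) : addresses_for($lookup, $t);
        return 1 if grep { is_bogus_ip($_) } @ips;
    }
    return 0;
}

# Constructed records standing in for DNS; 192.0.2.10 plays the routable case.
my %ZONE = (
    'ok.example/A'         => ['192.0.2.10'],
    'lo.example/MX'        => ['mx.lo.example'],  'mx.lo.example/A'      => ['127.0.0.1'],
    'mc.example/MX'        => ['mx.mc.example'],  'mx.mc.example/CNAME'  => ['h.mc.example'],
    'h.mc.example/A'       => ['224.0.0.5'],      'loop.example/MX'      => ['a.loop.example'],
    'a.loop.example/CNAME' => ['b.loop.example'], 'b.loop.example/CNAME' => ['a.loop.example'],
);
my $lookup = sub { @{ $ZONE{ lc($_[0]) . "/$_[1]" } || [] } };
printf "%-13s %s\n", $_, domain_has_bogus_mx($lookup, $_) ? 'bogus' : 'ok'
    for qw(ok.example lo.example mc.example loop.example);
```

A CNAME loop yields no addresses here, so the domain is treated like one that does not resolve rather than being flagged.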


