[Mimedefang] Soliciting opinions on filtering based on bad MX records
Stephen Smoogen
smoogen at lanl.gov
Thu Sep 11 16:51:00 EDT 2003
On Thu, 2003-09-11 at 14:25, Michael Sims wrote:
> Hi,
>
> I've put some code into place to test the feasibility of filtering mail
> based on the domain of the envelope sender having a "bogus MX record". I
> think I have something here that might be useful, but I wanted to run it by
> the gurus on this list to get some opinions. What I know about DNS I've
> just picked up while administering my mail server, and I'm no expert by any
> means, so it may be possible that I'm overlooking something.
>
I have been wanting something like this week. A lot of spam has MX
records of currently reserved IP addresses that don't route (1.1.1.1
shows up a lot). I would love to have our proxies do a poor man's RMX
and drop email that fits a list of CIDR blocks of MX's we don't accept.
> I've created a new sub called "domainOfSenderHasBorkedDns" (yeah, I know how
> cumbersome that is :) ), which I call in filter_sender. It accepts a sender
> (1) Retrieve the MX record for the sender domain. If it doesn't exist, I
> retrieve all A records for the sender domain. If they don't exist, I return
> false. If they do, I test each A record, returning true if any one of the
> records is "bogus", false otherwise.
>
Hmmm that might not scale very well for some silly sites that have 2 or
3 Class B's on a fairly flat namespace. Unless I am misunderstanding
what you are saying. Of course not having an MX for that kind of setup
is brain-damaged enough .. but you might end up with much more data than
you expected.
> (2) If the MX record exists, I test it to see if it's in the format of an IP
> address. If it is, I test to see if it is "bogus", and I return true if it
> is, false if it isn't. I've noticed some domains have MX records like
> "127.0.0.1" and so forth, so this catches those.
>
> (3) If the MX record is a hostname, I retrieve the A records for it. If
> they don't exist, I return false. If they do, I test each A record,
> returning true if any one of the records is "bogus", false otherwise.
>
> My basic approach is to only claim that a domain has bogus MX if I get some
> sort of affirmative response from DNS with a non-routable address. If I
> don't get a response from DNS I return false, since I'm not sure if the
> failure is due to bad DNS or intermittent DNS problems on my side.
Sounds logical. Sorry I can't comment on the code itself at the moment..
will try later.
--
Stephen John Smoogen smoogen at lanl.gov
Los Alamos National Labrador CCN-5 Sched 5/40 PH: 4-0645 (note new #)
Ta-03 SM-1498 MailStop B255 DP 10S Los Alamos, NM 87545
-- So shines a good deed in a weary world. = Willy Wonka --
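
The three-step check quoted in the message above, combined with the CIDR-list idea from the reply, as an added example that is not code from either poster or from MIMEDefang (whose filters are Perl). It assumes caller-supplied `lookup_mx`/`lookup_a` resolver functions, an assumed blocklist, and constructed sample DNS answers, and it generalizes the quoted description to several MX records by flagging the domain if any one of them is bogus.

```python
import ipaddress

# Assumed blocklist of non-routable IPv4 ranges; the thread gives no list.
# 1.0.0.0/8 was reserved in 2003 but has since been allocated, so it is
# left out: a static list like this has to be reviewed over time.
BOGUS_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]

def parse_ip(text):
    """Return an ip_address if text is an IP literal, else None."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def is_bogus(addr, nets=BOGUS_NETS):
    ip = parse_ip(addr)
    return ip is not None and any(ip in net for net in nets)

def domain_has_bogus_mx(domain, lookup_mx, lookup_a, nets=BOGUS_NETS):
    """lookup_mx/lookup_a are caller-supplied resolvers returning a list of
    strings, empty when there is no answer or the query failed."""
    exchanges = [mx.rstrip(".") for mx in lookup_mx(domain)]
    if not exchanges:
        # Step 1: no MX, so judge the domain's own A records.
        return any(is_bogus(a, nets) for a in lookup_a(domain))
    for mx in exchanges:
        if parse_ip(mx) is not None:
            # Step 2: the MX target is itself an IP literal.
            if is_bogus(mx, nets):
                return True
        elif any(is_bogus(a, nets) for a in lookup_a(mx)):
            # Step 3: MX hostname resolves to a non-routable address.
            return True
    # Nothing affirmatively bad (including no DNS answer at all).
    return False

# Constructed sample answers standing in for live DNS.
SAMPLE_MX = {"spam.example": ["127.0.0.1"],
             "sneaky.example": ["mail.sneaky.example."],
             "ok.example": ["mx.ok.example."]}
SAMPLE_A = {"mail.sneaky.example": ["192.168.0.5"],
            "mx.ok.example": ["198.51.100.25"],
            "nomx.example": ["10.1.2.3"]}

def check(domain):
    return domain_has_bogus_mx(domain, lambda d: SAMPLE_MX.get(d, []),
                               lambda n: SAMPLE_A.get(n, []))
```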