[Mimedefang] Soliciting opinions on filtering based on bad MX records

Ben Kamen bkamen at benjammin.net
Thu Sep 11 17:22:01 EDT 2003


Michael Sims wrote:

> Hi,
> 
> I've put some code into place to test the feasibility of filtering mail
> based on the domain of the envelope sender having a "bogus MX record".  I
> think I have something here that might be useful, but I wanted to run it by
> the gurus on this list to get some opinions.  What I know about DNS I've
> just picked up while administering my mail server, and I'm no expert by any
> means, so it may be possible that I'm overlooking something.
> 
> I've created a new sub called "domainOfSenderHasBorkedDns" (yeah, I know how
> cumbersome that is :) ), which I call in filter_sender.  It accepts a sender
> address and returns true if the domain of the address has a "bogus MX
> record".  I define a bogus MX record as one that points to a non-routable
> address, whether this is 0.0.0.0, or a loopback address, or a reserved IP
> address.  These are the checks that I perform, in order:
> 
> (1) Retrieve the MX record for the sender domain.  If it doesn't exist, I
> retrieve all A records for the sender domain.  If they don't exist, I return
> false.  If they do, I test each A record, returning true if any one of the
> records is "bogus", false otherwise.
> 
> (2) If the MX record exists, I test it to see if it's in the format of an IP
> address.  If it is, I test to see if it is "bogus", and I return true if it
> is, false if it isn't.  I've noticed some domains have MX records like
> "127.0.0.1" and so forth, so this catches those.


Actually, right now, Ameritech, in all their stupid wisdom, block emails 
from domains that have multiple MX records of which one points to 
loopback (like mine). It's a method of getting back at spammers... 
spammers try to mail my server, which rejects them, so they figure 
they'll try my next MX record, which points back to them. Hehehe. Fun.

So I would discount the loopback address since some of us use it for a 
little fun. It pisses me off that Ameritech sets up stupid $hit like 
that, but then has no one with enough brains to stop hackers from their 
network from hacking my server.

> (3) If the MX record is a hostname, I retrieve the A records for it.  If
> they don't exist, I return false.  If they do, I test each A record,
> returning true if any one of the records is "bogus", false otherwise.
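The three-step check quoted above, written out as an added stand-alone Python model (not Michael's Perl sub and not MIMEDefang code) with a constructed in-memory DNS table in place of real lookups, so it runs offline. It walks every MX record rather than just the first, which is exactly the case Ben describes (one of several MX pointing at loopback), and exposes an `allow_loopback` switch for sites that want to discount 127/8 as he suggests; the list of "non-routable" networks is this example's own assumption about what the poster means by a bogus address.

```python
import ipaddress
from typing import Callable, Dict, List, Tuple

# Networks treated as "bogus" MX targets (assumption of this example, following
# the poster's definition: unspecified, RFC 1918, link-local, multicast, reserved).
BOGUS_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

Lookup = Callable[[str, str], List[str]]  # (name, record type) -> answers

# Constructed DNS answers for the demo; these are hypothetical names, not real zones.
FAKE_DNS: Dict[Tuple[str, str], List[str]] = {
    ("ok.example", "MX"): ["mail.ok.example"],
    ("mail.ok.example", "A"): ["203.0.113.10"],
    ("literal.example", "MX"): ["127.0.0.1"],            # MX given as an IP literal
    ("nomx.example", "A"): ["10.0.0.5"],                  # no MX at all, A is RFC 1918
    ("backup.example", "MX"): ["mail.backup.example", "lo.backup.example"],
    ("mail.backup.example", "A"): ["198.51.100.25"],
    ("lo.backup.example", "A"): ["127.0.0.1"],            # Ben's decoy secondary MX
}

def fake_lookup(name: str, rtype: str) -> List[str]:
    return FAKE_DNS.get((name, rtype), [])

def parse_ipv4(text: str):
    """Return an IPv4Address if text is an IPv4 literal, else None."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return None
    return ip if ip.version == 4 else None

def is_bogus_ip(text: str, allow_loopback: bool = False) -> bool:
    ip = parse_ipv4(text)
    if ip is None:
        return False
    if ip in LOOPBACK:
        return not allow_loopback
    return any(ip in net for net in BOGUS_NETS)

def sender_domain_has_bogus_mx(domain: str, lookup: Lookup, allow_loopback: bool = False) -> bool:
    mx_targets = lookup(domain, "MX")
    if not mx_targets:  # (1) no MX: fall back to the domain's own A records
        return any(is_bogus_ip(a, allow_loopback) for a in lookup(domain, "A"))
    for target in mx_targets:
        if parse_ipv4(target) is not None:  # (2) MX is an IP literal
            if is_bogus_ip(target, allow_loopback):
                return True
        elif any(is_bogus_ip(a, allow_loopback) for a in lookup(target, "A")):
            return True  # (3) MX is a hostname whose A record is bogus
    return False  # missing A records, or all targets routable
```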