[Mimedefang] how to undo Verisigns mess
Alexander Dalloz
alexander.dalloz at uni-bielefeld.de
Tue Sep 16 10:04:01 EDT 2003
Hi!
> Hi,
>
> has anybody thought about what to make the best out of the mess Verisign made
> in respect to SPAM scoring / sender address domain checking?
>
> Since recently, all .net and .com domains started to resolve, pointing to a
> Verisign owned server that shows a customized webpage. As per DNS this is an
> A record, the "check if domain is resolvable" check of many mailers (and
> spamassassin) has been effectively nullified.
>
> I was thinking about adding a check for an explicit MX record (which Verisign
> does not set currently).
>
> As an example, try looking up the nonexistent domain
> "roaringpiguin.com" (David forgive me for that little pun ;-) )
>
> $ dig roaringpiguin.com
>
> ; <<>> DiG 9.2.2 <<>> roaringpiguin.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34535
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13
>
> ;; QUESTION SECTION:
> ;roaringpiguin.com. IN A
>
> ;; ANSWER SECTION:
> roaringpiguin.com. 900 IN A 64.94.110.11
>
>
> another solution might be to discard DNS checks which
> reverse-resolve to
> sitefinder-idn.verisign.com., but I don't know how stable
> that will be.
>
>
> Dirk
No mimedefang solution, but a sendmail ruleset made and posted by Richard
Rognlie on comp.mail.sendmail:
LOCAL_CONFIG
Kbestmx bestmx -z/
Khostip dns -RA

LOCAL_RULESETS
SLocal_check_mail
R$*	$: $>canonify $1
R<@>	$@ <@>
R$*<@$*.>	$: $1<@$2>	strip the trailing . if present
R$*<@$+>	$: $2 $| $>CheckBrokenVerisign $2
R$* $| $#$*	$#$2
R$+ $| $*	$: $1 $| $>CheckBadMX $( bestmx $1 $) /
R$* $| $#$*	$#$2

SCheckBrokenVerisign
R$*	$: $(hostip $1 $)
R64.94.110.11	$#error $@ 5.5.4 $: "550 Real domain name required for sender address"
R127.0.0.1	$#error $@ 5.5.4 $: "550 Real domain name required for sender address"

SCheckBadMX
R$* / $*	$>CheckThisMX $1 / $2

SCheckThisMX
R$* / $*	$: $(hostip $1 $) $| $2
R127.0.0.1 $| $*	$#error $@ 5.5.4 $: "550 sender does not resolve to a replyable domain"
R$* $| $*	$@ $2

Be sure to put in tabs between LHS and RHS.
Alexander
--
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653
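
The same checks as the ruleset above (wildcard A record, best MX pointing at 127.0.0.1), plus the explicit-MX idea from the quoted message as an option, written as an added Python example that is not part of the original post or of MIMEDefang. The lookup callable, the sample zone and the "no MX record" reply text are constructed for illustration.

```python
WILDCARD_A = {"64.94.110.11"}  # Verisign wildcard A record from the dig output in the post
LOOPBACK = "127.0.0.1"

def sender_domain(addr):
    """Domain part of an envelope sender, or None for <> and unqualified senders."""
    addr = addr.strip().strip("<>")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].rstrip(".").lower()

def check_sender(addr, lookup, require_mx=False):
    """Return (action, reply). lookup(name, rtype) is a hypothetical resolver hook:
    it returns address strings for "A" and (preference, host) tuples for "MX"."""
    domain = sender_domain(addr)
    if domain is None:
        return ("CONTINUE", "")  # null sender (bounces) is never rejected here
    addrs = set(lookup(domain, "A"))
    if addrs & WILDCARD_A or LOOPBACK in addrs:
        return ("REJECT", "550 Real domain name required for sender address")
    mx = sorted(lookup(domain, "MX"))
    if not mx:
        if require_mx:  # stricter variant: insist on an explicit MX record
            return ("REJECT", "550 sender domain has no MX record")  # constructed text
        return ("CONTINUE", "")  # domains with only an A record stay acceptable
    best_host = mx[0][1].rstrip(".").lower()
    if LOOPBACK in lookup(best_host, "A"):
        return ("REJECT", "550 sender does not resolve to a replyable domain")
    return ("CONTINUE", "")

# Constructed records for an offline run; only the wildcard address comes from the post.
SAMPLE_ZONE = {
    ("roaringpiguin.com", "A"): ["64.94.110.11"],
    ("example.org", "A"): ["192.0.2.10"],
    ("example.org", "MX"): [(20, "backup.example.org"), (10, "mail.example.org")],
    ("mail.example.org", "A"): ["192.0.2.25"],
    ("loop.example", "A"): ["192.0.2.11"],
    ("loop.example", "MX"): [(0, "localhost.loop.example")],
    ("localhost.loop.example", "A"): ["127.0.0.1"],
    ("web.example", "A"): ["192.0.2.12"],
}

def sample_lookup(name, rtype):
    return SAMPLE_ZONE.get((name, rtype), [])

if __name__ == "__main__":
    for sender in ("<x@roaringpiguin.com>", "user@example.org", "<>", "a@loop.example"):
        print(sender, check_sender(sender, sample_lookup))
```

A domain with no A and no MX record passes this function, as it does in the ruleset; rejecting unresolvable domains is left to the mailer's existing check.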