[Mimedefang] Validating sender domain opinion
Steffen Kaiser
skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Mon Jul 12 08:41:58 EDT 2004
On Fri, 9 Jul 2004, WBrown at e1b.org wrote:
> mimedefang-bounces at lists.roaringpenguin.com wrote on 07/08/2004 09:37:16
> AM:
>
>> What about a DNS configuration with an invalid private MX as first one?
>
> They are probably lazy and do not have split DNS servers, or seperate ones
> for internal vs external resolution. The external ones are filters, and
Yeap, it seems to be some problem like that. Their hoster mailed the reply
to me(???) that this setup was the "cheapest" one and that it was agreed
among them and me(??). ;)
> If you want to block it, you could, but would your users like that? Do
> you feel like teaching the mail admin at mox.de how to fix their mail
> and/or DNS system?
I just tested how much it would block, when I sanity-check the sender
domain in filter_sender (), by:
1. request 1st MX RRs;
2. request all A RRs of result of 1. or given domain alternatively;
3. check that no "forbidden addresses" (127.*, 0.*, 192.168.* etc.pp) is
among the IPs.
Instead of to teach somebody something, I tried to find hosts, like
localhost.com, that way that evaluate to 127.0.0.1 and cause those "local
configuration error" notifications send to me. (I don't open a connection
to the server to verify its existance, just request the DNS information.)
The results are not too promising, but do indicate, that I'm to install
some filter rules on the server to block access to some internal networks.
Bye,
--
Steffen Kaiser
More information about the MIMEDefang
mailing list