[Mimedefang] filter_relay

Aleksandar Milivojevic amilivojevic at pbl.ca
Mon Nov 1 10:18:18 EST 2004


Ben Kamen wrote:
> Let me iterate that better as I knew after reading what I wrote that I
> would get a response like you describe...
> 
> I'm not saying an ISP (let's use ComCast as an example) would need to list
> DNS and NOT list rDNS or vice-versa....
> 
> In sendmail, DNS can match, not match (forged) or not exist (no Record).
> 
> ComCast could definitely use DHCP to update the DNS servers and
> selectively so. So the A record could be static while the reverse could be
> dynamic set on a different but still make-sense scheme for
> troubleshooting.
> 
> To sendmail though, they wouldn't *match* and that would be the key. They
> would still resolve forward and reverse with make-sense query answers, but
> the A wouldn't match the PTR and that's what would be key to sendmail.
> 
> Maybe I haven't thought it all the way through, but that would be a nifty
> thing to do for the spam problem.

Still, I don't see any big gain.  As I said, viruses and worms would 
simply adapt.  For example, they'll use ISP's mail server to relay. 
Most ISPs don't have virus scanners (too expensive).  Another idea, 
they could carry a list of known open relays.  Or relays could be set up 
specifically for them.  They could update lists of relays to try from 
some IRC channel.  Most of them already have the code to use IRC.  So it 
wouldn't be difficult to implement this (couple of additional lines of 
code).  This is just one idea.  They could probably adapt in many more 
other ways.  Lot of work, for no or very little gain.

BTW, back to the original question of using HELO argument for filtering. 
One thing to note is that using HELO for any kind of checks is highly 
discouraged.  If not in SMTP related RFCs, then at least by the people 
who actually wrote and/or influenced those RFCs.  Also, argument to HELO 
can be a name that exists only as MX record.  It is perfectly legal.  I 
don't remember seeing requirement that HELO argument must exist as A 
record in DNS (but I might be wrong here).  Sendmail will do it if given 
right combination of masquerade options.  And there's no standard saying 
that MX record must have matching A record (well, usually it can't). 
Actually, sites that do have matching A records have them not because of 
email, they added them for web users (so that www.foobar.com and 
foobar.com resolve to same IP, that can be, and often is, different than 
any of the IP addresses that MX records indirectly point to).

-- 
Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
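
The three relay outcomes named in the quoted message (match, forged, no record) and the MX-only HELO case from the reply, as an added example that is not part of the original post or of MIMEDefang. The zone data, the function names, and the choice to count a PTR name with no A record as "forged" are assumptions made for illustration.

```python
# Constructed zone data using documentation address ranges and example.* names.
ZONE = {
    "PTR": {
        "192.0.2.10": ["mail.example.com"],
        "192.0.2.20": ["cust-20.dyn.example.net"],
    },
    "A": {
        "mail.example.com": ["192.0.2.10"],
        # Forward record deliberately points elsewhere: resolves, but no match.
        "cust-20.dyn.example.net": ["192.0.2.99"],
        "mx1.example.org": ["198.51.100.25"],
    },
    "MX": {
        # example.org receives mail but has no A record of its own.
        "example.org": ["mx1.example.org"],
    },
}


def lookup(rtype, name, zone=ZONE):
    """Return the list of records of type rtype for name (empty if none)."""
    return zone.get(rtype, {}).get(name.rstrip(".").lower(), [])


def classify_relay(ip, zone=ZONE):
    """Classify a connecting IP as 'match', 'forged' or 'no-record'."""
    names = lookup("PTR", ip, zone)
    if not names:
        return "no-record"
    for name in names:
        if ip in lookup("A", name, zone):
            return "match"
    # Assumption: a PTR name with no A record at all also lands here.
    return "forged"


def helo_name_status(helo, zone=ZONE):
    """Report which records exist for a HELO argument."""
    if lookup("A", helo, zone):
        return "has-A"
    if lookup("MX", helo, zone):
        return "mx-only"
    return "unresolvable"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, classify_relay(ip))
    for helo in ("mail.example.com", "example.org", "nothing.invalid"):
        print(helo, helo_name_status(helo))
```

A filter that requires an A record for the HELO argument would turn away `example.org` here, the MX-only name the reply describes as perfectly legal.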


