[Mimedefang] $RelayHostname not matching sendmail's Received header?
WBrown at e1b.org
Mon Dec 11 11:11:43 EST 2006
Jeff wrote on 12/09/2006 04:57:51 PM:
> So, when my server sends e-mail, it uses "saber.nabs.net" as its
> "EHLO", and the connection comes from 71.246.216.107. "host
> saber.nabs.net" returns 71.246.216.107, which is the same IP that the
> connection comes from. So far, so good.
>
> But, "host 71.246.216.107" returns:
> static-71-246-216-107.washdc.fios.verizon.net.
>
> This hits on just about every "is this a generic rDNS" regex. But, as
> you can see by the name, it's not likely to be a dialup/dynamic, etc.
>
> So, I vote for any change to the Botnet code that ends up with my type
> of situation (which is pretty much what Jan-Pieter was also describing)
> not getting rejected.

Since many home dialup/DSL/Cable users that want to connect to their AUP
violating servers at home use free dynamic DNS services, I have a proposal
to help separate them from the legit servers like Jeff describes.

The free dynamic DNS servers usually have very short TTL values, and
presumably, a legitimate server like saber.nabs.net has a more reasonable
(greater than 2 hour) value. By checking the TTL, you can help weed out
the bogus servers without blocking small business mail servers on DSL/etc
connections.

Another test might be to see who hosts their DNS, but that might be more
problematic. If it is a known free, dynamic DNS server, regardless of
TTL, would that be a spam indicator?
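
A sketch of the TTL test proposed in the message above, added here as an example and not code from the post or from MIMEDefang. The host names, addresses and TTLs are constructed sample data, the function names are hypothetical, and the 2-hour threshold is the one the post suggests.

```python
"""TTL heuristic sketch: classify a HELO hostname by its address-record TTL."""

MIN_TTL = 2 * 60 * 60  # the post's "greater than 2 hour" threshold, in seconds

# Constructed sample answers in zone-file ("dig +noall +answer") layout.
# Assumption: they were fetched from the zone's authoritative server. A caching
# resolver reports the *remaining* TTL, which counts down and would look short.
SAMPLE = """
mail.smallbiz.example.        86400 IN A     192.0.2.10
homebox.dyn-provider.example. 60    IN A     192.0.2.77
www.alias.example.            86400 IN CNAME homebox.dyn-provider.example.
"""

def parse_answers(text):
    """Return {owner: [(ttl, rtype, rdata), ...]} from zone-file style lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN" or not fields[1].isdigit():
            continue  # skip blank, comment and malformed lines
        owner, ttl, _, rtype = fields[:4]
        rdata = " ".join(fields[4:]).lower()
        records.setdefault(owner.lower(), []).append((int(ttl), rtype.upper(), rdata))
    return records

def effective_ttl(records, name, max_hops=8):
    """Lowest TTL along the CNAME chain that ends in an A/AAAA record, or None."""
    name, lowest = name.lower().rstrip(".") + ".", None
    for _ in range(max_hops):  # bounded walk, so a CNAME loop cannot hang the check
        rrset = records.get(name)
        if not rrset:
            return None
        ttl = min(r[0] for r in rrset)
        lowest = ttl if lowest is None else min(lowest, ttl)
        if any(r[1] in ("A", "AAAA") for r in rrset):
            return lowest
        name = next((r[2] for r in rrset if r[1] == "CNAME"), None)
        if name is None:
            return None
    return None

def ttl_verdict(records, name, min_ttl=MIN_TTL):
    """Return 'ok', 'short-ttl' or 'unresolved' for use as one scoring input."""
    ttl = effective_ttl(records, name)
    if ttl is None:
        return "unresolved"
    return "ok" if ttl > min_ttl else "short-ttl"
```

The CNAME walk matters because a long-TTL alias can point at a short-TTL dynamic name; the lowest TTL in the chain is the one that bounds how quickly the address can change.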