[Mimedefang] Another silly idea

Paul Murphy pjm at ousekjarr.org
Wed May 3 05:19:31 EDT 2006


> I hate this banning of dynamic addresses right away. Sure, 
> there is no (at 
> least not known to me) way to know, whether the host with a dynamic 
> address is a badly or well configured end-user system
 
If it has no reverse DNS and no MX records, it is a badly configured end-user
system.

Your messages come from "ux-2s11.inf.fh-bonn-rhein-sieg.de", which resolves
to 194.95.66.8, which has a reverse record matching its name.  Your mail
domain is "smail.inf.fh-bonn-rhein-sieg.de", which has an MX record pointing
to the main hostname, and which accepts connections on port 25.

This is a well-configured system, by my definition.  Other people may
disagree, but my filter would allow the connection.  My logic is shown below:

#----------------------------------------------------------------------------
sub check_broadband {
  my ($hostip,$hostname,$MsgID) = @_;

  # Hosts whose names look like broadband clients but are known-good mail
  # servers; they are accepted before any of the pattern checks run.
  my %Broadband_exemptions = ( 'test.com' => 1 );

  if ( exists $Broadband_exemptions{$hostname} )
    {
    md_syslog("info","$MsgID - Host $hostname($hostip) is broadband exception");
    return (1);
    }
  # Keyword checks: the trailing "." is a regex wildcard, so each pattern
  # requires one more character after the keyword (case-insensitive).
  if ( $hostname =~ /cable./i )
    {
    md_syslog("info","$MsgID - Host $hostname is a CABLE broadband client");
    return (0);
    }
  if ( $hostname =~ /hsdl./i )
    {
    md_syslog("info","$MsgID - Host $hostname is a HSDL broadband client");
    return (0);
    }
  if ( $hostname =~ /dsl./i )
    {
    md_syslog("info","$MsgID - Host $hostname is a DSL broadband client");
    return (0);
    }
  # Count how many of the four IP octets occur in the reverse name. This is an
  # unanchored substring match, so a short octet such as "1" matches easily.
  my @ipparts=split /\./,$hostip;
  my $partcount=0;
  foreach my $part ( @ipparts )
    {
    if ( $hostname =~ /$part/ )
      {
      $partcount++;
      }
    }
  if ( $partcount==4)
    {
    md_syslog('info',"$MsgID - ** hostname $hostname has its IP in its reverse address - broadband/dynamic");
    return (0);
    }
  return (1);
}
#----------------------------------------------------------------------------

On the other hand, try this one:

Hostname:	CPE-60-226-9-199.qld.bigpond.net.au
IP address:	60.226.9.199
PTR record:	CPE-60-226-9-199.qld.bigpond.net.au
Port 25:	closed
MX records:	none
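The following Python is an added example (not code from the post or from MIMEDefang) that reimplements the decision order of the check_broadband filter above, applies it to the two hosts the message discusses, and adds a stricter IP-in-hostname test. The sample relay list, the example-isp.net names, the RFC 5737/RFC 1918 addresses and the EXEMPTIONS entry are constructed for the example; the two bigpond and fh-bonn-rhein-sieg entries are the ones quoted in the post. It also goes beyond the post by showing where the unanchored octet match gives a false positive and by recognising reversed and zero-padded octet encodings.

```python
"""Dynamic/broadband hostname heuristics, modelled on the post's
check_broadband() filter. Added example, not part of the original message;
all lookups are embedded as sample data so nothing here touches DNS."""
import ipaddress
import re

# Known-good servers whose names would otherwise trip the heuristics
# (constructed entry, mirroring the post's %Broadband_exemptions).
EXEMPTIONS = frozenset({"test.com"})

# The post's keyword patterns: "cable", "hsdl" or "dsl" followed by any one
# character, case-insensitive (the trailing "." is a wildcard, as in Perl).
GENERIC_NAME = re.compile(r"(cable|hsdl|dsl).", re.IGNORECASE)


def loose_octet_count(ip, hostname):
    """The post's original test: count octets that occur anywhere in the
    hostname as an unanchored substring. Short octets such as '1' match
    almost any name, so a count of 4 does not prove the IP is encoded."""
    return sum(1 for octet in ip.split(".") if octet in hostname)


def ip_in_hostname(ip, hostname):
    """Stricter test: the four octets must appear as whole numeric tokens,
    contiguous, in forward or reversed order (60-226-9-199 or 199-9-226-60);
    zero-padded forms such as 060-226-009-199 are accepted. Names that glue
    the octets into one number with no separator are not recognised."""
    octets = [int(o) for o in str(ipaddress.IPv4Address(ip)).split(".")]
    tokens = [int(t) for t in re.findall(r"\d+", hostname)]
    for wanted in (octets, octets[::-1]):
        for i in range(len(tokens) - 3):
            if tokens[i:i + 4] == wanted:
                return True
    return False


def check_broadband(ip, hostname):
    """Return (allow, reason), following the post's decision order:
    exemption list, keyword patterns, then IP-encoded-in-name."""
    if hostname in EXEMPTIONS:
        return True, "broadband exception"
    m = GENERIC_NAME.search(hostname)
    if m:
        return False, f"{m.group(1).upper()} broadband client"
    if ip_in_hostname(ip, hostname):
        return False, "IP encoded in reverse name - broadband/dynamic"
    return True, "no broadband indicators"


# Constructed sample relay records. The first two are the hosts named in the
# post; the rest are invented (RFC 5737 / RFC 1918 addresses, example names).
SAMPLE_RELAYS = [
    ("194.95.66.8", "ux-2s11.inf.fh-bonn-rhein-sieg.de"),
    ("60.226.9.199", "CPE-60-226-9-199.qld.bigpond.net.au"),
    ("203.0.113.7", "203-0-113-7.dynamic.example-isp.net"),
    ("203.0.113.8", "8-113-0-203.rev.example-isp.net"),
    ("198.51.100.25", "dsl-pool-25.example-isp.net"),
    ("10.1.1.1", "mail10.example.org"),   # loose count is 4, yet not encoded
]


def report():
    """Map each sample hostname to its (allow, reason) decision."""
    return {host: check_broadband(ip, host) for ip, host in SAMPLE_RELAYS}


if __name__ == "__main__":
    for ip, host in SAMPLE_RELAYS:
        allow, why = check_broadband(ip, host)
        verdict = "ALLOW" if allow else "REJECT"
        print(f"{verdict:6} {ip:14} {host:40} {why} "
              f"(loose octet count={loose_octet_count(ip, host)})")
```

The last sample is the interesting one: mail10.example.org with address 10.1.1.1 scores 4 under the substring count because "10" and "1" both occur in "mail10", so the original test would reject a perfectly ordinary relay, while the token-based test correctly leaves it alone.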

> There had been suggestions to add SPAM score points for dynamic hosts, 
> which I would prefer and can see the purpose.

If that's your policy, that's fine.  My policy is to block it completely,
which is of course the beauty of such a configurable system.
 
> To implement a whitelist system for well-behaved MTAs includes the 
> assumption that those have _fixed_ IP addresses; this need not be true.
> I would at least give those poor people out there using a well-configured 
> MTA on a dynamic address the chance to communicate with the world, e.g. 
> using certificates.

Effectively, a certificate system would be the same as a whitelist - the
owner of the system has to take action to have it recognised as a valid mail
server.  The problem with a certificate system is that I have to be able to
check the validity of the certificate.  99.99% of home users would have no
idea of how to register their system as a mail server, which is fine, as they
also have no idea of how to run a mail server anyway, and wouldn't want to
even if they had it explained to them, since their ISP does the job for them
and they are already paying for this service.

As a home user myself as well as a corporate IT manager, a whitelist system
seems more sensible and less CPU/bandwidth intensive, and could be managed
via the ISP, who would maintain the lists for their customers - you want to
run an SMTP server, then you request permission from them, and they add you
to the list.  I would then expect them to insist that you have a static IP,
that regular open relay checks performed by them always come back with the
result that relaying is denied, and that your mail volume remains under a
hard limit which you specify when requesting the system (both for their
protection and yours) - e.g. your normal mail load is 175000 messages a day,
so you set the limit at 300000, then when a new virus hits and your system
tries to send 2 million, the ISP monitor automatically removes it from the
list of valid servers when it hits 300000, saving you bandwidth and alerting
you that something is wrong.

Best Wishes,

Paul.

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.5.2/329 - Release Date: 02/05/2006