Re: OSF for an ISP (was Re: ..idea; ddos spam hosts off Internet?)
you shouldn't try to block everything that comes from a host which has no open
smtp port, this is in general a bad idea...
reason: there are a lot (and I mean a lot) of servers out there, which only
send mail out to the world, but should never receive any mail directly, so
that it is okay to bind the smtpd only to localhost or to an internal lan
interface. Often there are other servers which receive the mail for these
kind of setups...
The better way is to check against a real blacklist which has entries for
dial-up networks and maybe for dns-names without any MX or A entry...
for example spamassassin asks a lot of real blacklists and so it also checks
example for checks against RBLs (sorry, it's a german system, but I will
Domain der Absendeadresse nicht im DNS registriert (kein MX/A Eintrag) /
Domain of the sendingaddress has no dns entry (no mx/a record)
- RCVD_IN_NJABL_DIALUP RBL: NJABL:
Senderechner nur temporär mit Internet verbunden [XXX.XXX.XXX.XXX listed in
dnsbl.njabl.org] / Sending host is only connected to the internet temporarily
and so on.... So in my opinion it's better to check against such lists than
simply block all mail that comes from a system without an open smtp port...
On Saturday 10 April 2004 01:18, Andreas John wrote:
> Dave Watkins wrote:
> > If I remember right (and someone correct me if I'm wrong) a mail server
> > doesn't have to have an MX record. If no MX record exists then the
> > sending server drops back to normal host records and this is perfectly
> > legitimate. So the MX record checking may not work so well
> Dave, your theory is right, you don't have to have an MX record in your
> DNS zone in order to receive mail, but Pulu wants to "tcpping", so his
> idea is to check if there is an open port 25, i.e. check if the sending
> server is a mailserver. This would not be the case with infected
> outlooks ;) but also not for hosts behind a NAT FW.
> @Pulu: Is that your idea?
> The problem is more that a sending host does not necessarily have to be a
> receiver. (reminds me of goatse.cx ;-)) nor that it has to be smtp
> (submission et al?)
> In Germany several large scale ISPs began to block all mail coming
> directly from a dialup ip, so I think it would be an accepted way to
> try what Pulu wants to do.
> Andreas John
> net-lab GmbH
> Luisenstrasse 30b
> 63067 Offenbach
> Tel: +49 69 85700331
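The two checks recommended in the reply above (does the sender's domain have an MX, or failing that an A record, and is the connecting IP listed in a dial-up DNSBL) can be expressed in a few lines. The following is an added example, not code from the thread or from SpamAssassin. It routes all DNS lookups through an injectable resolver so it runs offline against a constructed answer table; the domain names, IPs and the listing under `dnsbl.njabl.org` (the zone named in the quoted report) are invented for the demonstration, and in production the resolver would be replaced with real DNS queries. It also shows what the reply argues against: nothing here probes the client's port 25.

```python
import ipaddress
from typing import Callable, Dict, List, Tuple

# A resolver maps (name, record type) to the answer list; empty means NXDOMAIN or no data.
Resolver = Callable[[str, str], List[str]]


def sender_domain_has_mail_route(domain: str, resolve: Resolver) -> Tuple[bool, str]:
    """Check the sender's domain the way the quoted discussion describes:
    MX first, then fall back to an A record, since a domain without an MX
    can still legitimately receive mail via its host record."""
    if resolve(domain, "MX"):
        return True, "MX"
    if resolve(domain, "A"):
        return True, "A (implicit MX)"
    return False, "no MX or A record"


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Form the DNSBL lookup name: IPv4 octets reversed, then the list zone."""
    addr = ipaddress.IPv4Address(ip)  # rejects malformed or IPv6 input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def ip_listed_in_dnsbl(ip: str, zone: str, resolve: Resolver) -> bool:
    """A DNSBL signals a listing with an A answer inside 127.0.0.0/8;
    any other answer (or none) is treated as 'not listed'."""
    loopback = ipaddress.IPv4Network("127.0.0.0/8")
    answers = resolve(dnsbl_query_name(ip, zone), "A")
    return any(ipaddress.IPv4Address(a) in loopback for a in answers)


def evaluate_sender(sender_domain: str, client_ip: str, zone: str,
                    resolve: Resolver) -> List[str]:
    """Return the names of the checks that fired; an empty list means both
    passed. Deliberately absent: any connection attempt to the client's port 25."""
    hits = []
    ok, _ = sender_domain_has_mail_route(sender_domain, resolve)
    if not ok:
        hits.append("sender_domain_unresolvable")
    if ip_listed_in_dnsbl(client_ip, zone, resolve):
        hits.append("client_ip_in_dnsbl")
    return hits


# Constructed DNS data for offline use (hypothetical names and addresses; the
# entry under dnsbl.njabl.org is invented for the demo, not a real lookup result).
CONSTRUCTED_DNS: Dict[Tuple[str, str], List[str]] = {
    ("example.com", "MX"): ["mail.example.com"],
    ("relay-only.example", "MX"): [],
    ("relay-only.example", "A"): ["192.0.2.10"],
    ("5.2.0.192.dnsbl.njabl.org", "A"): ["127.0.0.3"],
}


def constructed_resolver(name: str, rtype: str) -> List[str]:
    """Stand-in for real DNS; anything not in the table resolves to nothing."""
    return CONSTRUCTED_DNS.get((name, rtype), [])


if __name__ == "__main__":
    cases = [
        ("example.com", "198.51.100.7"),         # proper MX, clean IP -> no hits
        ("relay-only.example", "198.51.100.7"),  # A record only, still accepted
        ("nonexistent.example", "192.0.2.5"),    # no DNS at all and a listed IP
    ]
    for domain, ip in cases:
        print(domain, ip, evaluate_sender(domain, ip, "dnsbl.njabl.org", constructed_resolver))
```

The `relay-only.example` case is the one Dave raises: it has no MX but does have an A record, and the check accepts it. The outbound-only servers the reply describes pass both checks as well, because neither check depends on the sending host listening on port 25.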