
Re: Wrong DNS configuration. Which?



To me that doesn't look like misconfigured DNS at all. To me it looks like
somebody is trying to find mailservers that will allow them to relay mail,
or they are trying to relay mail from a bogus domain (which is why you
can't do a reverse lookup nor 'dig' info on the remote machine). It's a
common practice for spammers to use bogus source domains. I think it gives
them some sense that they're "spoofing" their identity. In any event, I'd
just ignore these errors. If your installation is set up correctly to DENY
relaying from unauthorized domains, which I think sendmail is set up like
that by default now, then you should be fine.

Just my 2 cents.

Clint/Schwack


On Thu, 1 Mar 2001, Ducrot Bruno wrote:

> On Wed, Feb 28, 2001 at 10:14:05PM -0800, Jamie Heilman wrote:
> > Romanenko M.A. wrote:
> >
> > > Am I right, that sendmail's check_mail rejects connection because there
> > > are no A-record for tgngu.tyumen.ru in other side DNS configuration?
> >
> > Yes, now if you believe this is a desirable configuration or not is another
> > matter, but that is probably what is happening.  It might be spam, it might
> > be a misconfiguration on their end.
>
> It seems there is a misconfiguration on the other side:
> ducrot@poup:~$ dig tgngu.tyumen.ru mx
>
> ; <<>> DiG 8.2 <<>> tgngu.tyumen.ru mx
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 3
> ;; QUERY SECTION:
> ;;      tgngu.tyumen.ru, type = MX, class = IN
>
> ;; ANSWER SECTION:
> tgngu.tyumen.ru.        10h13m7s IN MX  10 mail.tgngu.tyumen.ru.
> tgngu.tyumen.ru.        10h13m7s IN MX  20 mail.tyumen.ru.
>
> ;; AUTHORITY SECTION:
> tgngu.tyumen.ru.        1D IN NS        pride.tgngu.tyumen.ru.
>
> ;; ADDITIONAL SECTION:
> mail.tyumen.ru.         1D IN A         194.67.48.7
> mail.tyumen.ru.         1D IN A         213.24.146.7
> pride.tgngu.tyumen.ru.  1D IN A         194.67.48.65
>
> ;; Total query time: 3875 msec
> ;; FROM: poup.poupinou.org to SERVER: default -- 127.0.0.1
> ;; WHEN: Thu Mar  1 09:51:20 2001
> ;; MSG SIZE  sent: 33  rcvd: 143
>
>
> Thus, the "main" priority for the mx is mail.tgngu.tyumen.ru.
> But:
>
> ducrot@poup:~$ nslookup mail.tgngu.tyumen.ru
> Server:  localhost.localdomain
> Address:  127.0.0.1
>
> Non-authoritative answer:
> Name:    server.tgngu.tyumen.ru
> Address:  194.67.48.89
> Aliases:  mail.tgngu.tyumen.ru
>
> and also their mailer is a cname to server.tgngu.tyumen.ru.
> You can check anywhere that this is a bad thing. (see rfc 821,
> sec. 3.7 for example).
>
> --
> Ducrot Bruno
> http://www.poupinou.org        Page profaissionelle
> http://toto.tu-me-saoules.com  Haume page
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>

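The thread turns on two separate DNS checks: sendmail's check_mail rule that the envelope sender's domain must resolve (an MX or an A record, directly or through a CNAME), and the older rule that an MX target must itself be a canonical hostname with an address record, not a CNAME (RFC 974; RFC 2181 section 10.3). The following is an added, offline model of both checks, written for this page; it is not code from the original posts or from sendmail. The zone table is constructed from the dig and nslookup output quoted above, plus two hypothetical names (`only-a.example`, `bogus.invalid`) to exercise the implicit-MX and no-such-domain paths; nothing is looked up on the network.

```python
"""Offline model of two mail-related DNS checks.

1. check_mail-style sender test: accept MAIL FROM:<user@domain> only if
   domain has an MX record or an address record (possibly via CNAME).
2. MX sanity test: every MX target must resolve to an A record and must
   not be a CNAME (RFC 974; RFC 2181 section 10.3).

ZONE is constructed data modelled on the dig/nslookup output in the thread;
only-a.example and bogus.invalid are hypothetical names added for the tests.
"""

from dataclasses import dataclass, field


ZONE = {
    ("tgngu.tyumen.ru", "MX"): [(10, "mail.tgngu.tyumen.ru"),
                                (20, "mail.tyumen.ru")],
    ("mail.tgngu.tyumen.ru", "CNAME"): ["server.tgngu.tyumen.ru"],
    ("server.tgngu.tyumen.ru", "A"): ["194.67.48.89"],
    ("mail.tyumen.ru", "A"): ["194.67.48.7", "213.24.146.7"],
    ("pride.tgngu.tyumen.ru", "A"): ["194.67.48.65"],
    # Hypothetical: a domain with no MX but an A record (implicit MX).
    ("only-a.example", "A"): ["192.0.2.10"],
}


def lookup(zone, name, rtype):
    """Return the RRset of the given type for name, or [] if absent."""
    return list(zone.get((name.lower().rstrip("."), rtype), []))


def resolve_a(zone, name, max_hops=8):
    """Follow a CNAME chain to A records.

    Returns (canonical_name, addresses, was_cname). An empty address list
    means the name does not resolve at all."""
    was_cname = False
    for _ in range(max_hops):
        addrs = lookup(zone, name, "A")
        if addrs:
            return name, addrs, was_cname
        cname = lookup(zone, name, "CNAME")
        if not cname:
            return name, [], was_cname
        was_cname = True
        name = cname[0]
    raise ValueError("CNAME chain too long or looping at %s" % name)


@dataclass
class MailHost:
    preference: int
    target: str          # name as it appears in the MX RDATA
    canonical: str       # name that actually carries the A record
    addresses: list
    problems: list = field(default_factory=list)


def mail_hosts(zone, domain):
    """List the hosts that accept mail for domain, lowest preference first.

    Without MX records, fall back to an implicit MX on the domain's own
    address (RFC 974). Each MX target is checked for the two classic faults:
    the target is a CNAME, or the target has no address record."""
    mx = lookup(zone, domain, "MX")
    if not mx:
        canon, addrs, _ = resolve_a(zone, domain)
        return [MailHost(0, domain, canon, addrs)] if addrs else []
    hosts = []
    for pref, target in sorted(mx):
        canon, addrs, was_cname = resolve_a(zone, target)
        problems = []
        if was_cname:
            problems.append("MX target %s is a CNAME for %s "
                            "(RFC 2181 section 10.3)" % (target, canon))
        if not addrs:
            problems.append("MX target %s has no A record" % target)
        hosts.append(MailHost(pref, target, canon, addrs, problems))
    return hosts


def sender_domain_resolves(zone, domain):
    """The check_mail-style test on the envelope sender's domain.

    Returns (accepted, reason); the rejection text mirrors sendmail's
    'Domain of sender address does not exist'."""
    if lookup(zone, domain, "MX") or resolve_a(zone, domain)[1]:
        return True, "domain resolves"
    return False, "Domain of sender address does not exist"


if __name__ == "__main__":
    for dom in ("tgngu.tyumen.ru", "only-a.example", "bogus.invalid"):
        print(dom, sender_domain_resolves(ZONE, dom))
        for h in mail_hosts(ZONE, dom):
            print("  MX %d %s -> %s %s" % (h.preference, h.target,
                                           h.canonical, h.addresses))
            for p in h.problems:
                print("    problem:", p)
```

Run against the constructed zone, `tgngu.tyumen.ru` passes the sender-domain test (it has MX records), so a rejection from check_mail would have to come from a resolver that never saw those records, not from the zone as quoted; the MX sanity test, on the other hand, flags the primary MX `mail.tgngu.tyumen.ru` as a CNAME for `server.tgngu.tyumen.ru`, which is exactly the fault Ducrot Bruno points out. Keeping the two tests separate matters in practice: a CNAME as an MX target is a zone-owner mistake that many MTAs tolerate, while a sender domain that does not resolve at all is the signal sendmail's check_mail actually acts on.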

