[CentOS] postfix tightening

Sat Apr 2 03:35:39 UTC 2005
Mark A. Lewis <mark at siliconjunkie.net>


> -----Original Message-----
> From: centos-bounces at centos.org 
> [mailto:centos-bounces at centos.org] On Behalf Of 
> ryanag at zoominternet.net
> Sent: Friday, April 01, 2005 9:24 PM
> To: CentOS mailing list
> Subject: RE: [CentOS] postfix tightening
> 
> On Fri, 2005-04-01 at 21:04 -0600, Mark A. Lewis wrote:
> > 
> > Riight. Ever done a reverse lookup on a RR IP? Rogers? SBC? All of 
> > them will have valid reverse entries.
> See below.
> 
> http://searchcio.techtarget.com/sDefinition/0,,sid19_gci917504,00.html
> 
> "Reverse DNS (rDNS) is a method of resolving an IP address 
> into a domain
> name, just as the domain name system (DNS) resolves domain names into
> associated IP addresses. One of the applications of reverse 
> DNS is as a
> spam filter. Here's how it works: Typically, a spammer uses an invalid
> IP address, one that doesn't match the domain name. A reverse 
> DNS lookup
> program inputs IP addresses of incoming messages to a DNS database. If
> no valid name is found to match the IP address, the server blocks that
> message."

So, here is the problem.

Let's say that Acme Widget has their mail hosted with Hostco. Acme Widget
would rather not have mail.hostco.com in the mail headers for whatever
reason. So, hostco doesn't set up a ptr record for it. This does not make
Acme Widget or Hostco any more likely to be spammers, it just makes you
more likely to drop their mail.

Now, the other side of that...

Foospam wants to send out 87 bazillion mail messages to everyone about
fooagra. So, they set their mail server to helo with fooco.com and set
the ptr record to be mail.fooco.com and they just danced right by all of
this with very minimal effort. For that matter, you can use whatever ptr
your ISP sets up for you.

The whole accountability thing is a fallacy. I can buy a domain right now
for $8, put whatever I want in the whois info and just use that for the
ptr record part, it could be a throwaway domain for all I care. At the
end of the day, it bought the person receiving the spam nothing.

Reverse DNS or not, you can see what IP the mail came from, you can tell
who is the owner of that IP and they can find out what user has that IP.
The problem is that most of them are simply unwilling to do so, they
ignore mail to the abuse address or just give you a canned answer.

My point is that relying on this only makes you more likely to drop
legit mail and poses no problem to the spammers.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
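The two scenarios in the post above (a legitimate host at Hostco with no PTR, and Foospam with a PTR it controls) can be run through the reverse-DNS check the quoted definition describes. The following is an added example written for this thread, not code from the original poster or from Postfix. It implements the forward-confirmed reverse DNS logic against a constructed in-memory DNS table so it runs offline; the IPs, hostnames and records are made up. The two Postfix restriction names are real Postfix options; the mapping of check results onto them is my reading of their documented behaviour, and a real deployment would consult the Postfix documentation rather than this table.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check over a constructed DNS table.

Added illustration for the "postfix tightening" thread, not code from the
post or from Postfix. All addresses, names and records below are constructed
(RFC 5737 documentation ranges) so nothing here touches a live resolver.
"""
import ipaddress

# Constructed PTR data: IP -> hostname the reverse zone returns.
PTR_RECORDS = {
    # Foospam runs its own reverse zone, so its PTR is whatever it wants.
    "203.0.113.10": "mail.fooco.com",
    # A PTR that names a host whose forward record points elsewhere.
    "192.0.2.200": "mail.example.net",
    # A PTR naming a host with no forward record at all.
    "192.0.2.201": "ghost.example.net",
    # 198.51.100.5 (Acme Widget hosted at Hostco) deliberately has no PTR.
}

# Constructed A data: hostname -> set of IPs it resolves to.
A_RECORDS = {
    "mail.fooco.com": {"203.0.113.10"},
    "mail.example.net": {"192.0.2.77"},
    "mail.acmewidget.com": {"198.51.100.5"},  # forward name exists, PTR does not
}


def reverse_check(ip: str, ptr=PTR_RECORDS, a=A_RECORDS) -> str:
    """Classify a connecting client the way a PTR-based filter would.

    Returns one of:
      'no_ptr'           - the IP has no reverse record
      'ptr_unresolvable' - the PTR name has no forward (A) record
      'ptr_mismatch'     - the PTR name resolves, but not back to this IP
      'confirmed'        - PTR name resolves to the IP (forward-confirmed)
    """
    ipaddress.ip_address(ip)  # reject garbage input early
    name = ptr.get(ip)
    if name is None:
        return "no_ptr"
    addrs = a.get(name)
    if not addrs:
        return "ptr_unresolvable"
    if ip not in addrs:
        return "ptr_mismatch"
    return "confirmed"


def rejects_under(policy: str, result: str) -> bool:
    """Map a check result onto two Postfix client restrictions.

    The option names are real Postfix restrictions; the behaviour below is
    my reading of their documentation (assumption, verify against your
    Postfix version):
      reject_unknown_reverse_client_hostname - reject only when no PTR exists
      reject_unknown_client_hostname         - reject unless forward-confirmed
    """
    if policy == "reject_unknown_reverse_client_hostname":
        return result == "no_ptr"
    if policy == "reject_unknown_client_hostname":
        return result != "confirmed"
    raise ValueError(f"unknown policy: {policy}")


def evaluate(clients, policy):
    """Return {ip: (check result, rejected?)} for a list of client IPs."""
    out = {}
    for ip in clients:
        result = reverse_check(ip)
        out[ip] = (result, rejects_under(policy, result))
    return out


if __name__ == "__main__":
    clients = ["198.51.100.5", "203.0.113.10", "192.0.2.200", "192.0.2.201"]
    for policy in ("reject_unknown_reverse_client_hostname",
                   "reject_unknown_client_hostname"):
        print(policy)
        for ip, (result, rejected) in evaluate(clients, policy).items():
            print(f"  {ip:<15} {result:<17} {'REJECT' if rejected else 'accept'}")
```

Run as written, both policies reject the Acme Widget host (no PTR) and accept Foospam (self-consistent PTR), which is the outcome the post describes: the check costs a spammer who controls their reverse zone nothing, while a legitimate sender behind a shared host without a PTR is the one who loses mail. The strict policy additionally catches the mismatch and unresolvable cases, which is where this check does earn its keep.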