On Tue, 17 May 2005, Eric J. Wisti wrote:

> 
> What about the users (like me) that have one ip address to play with? Do I 
> use the ONE ptr record for mail, web, dns, ftp or whatever else I choose 
> to make available to the world. Generally, only mail has a loose 
> 'requirement' for front to back dns a/ptr records, but back in the day, 
> so did ftp servers for the client side. So, if I choose to advertise my 
> PTR as fw.domain.name, you consider my mail server suspect, unless it was 
> advertised as fw.domain.name? Just because I don't have an easy way to 
> provide 10's of addresses to the world?

I guess I'm saying that if I telnet to fw.domain.name on 25, I should see 
something like 

  220 fw.domain.name ESMTP mail relay.

If it doesn't say that, then it is lying to anyone who connects to it.  
Forward and back dns should resolve to the name spit out by the smtp 220 
string.  This should be verifiable. 

If you host http and ftp on it as well then I think you can agree that
these services do not need to be as picky about the rdns/fdns stuff.  
Many host http virtual domains on a single ip.  This is ok 'cause it is 
identified in the Host: header of the http connection.

> My system is secured and my ISP reserves the right to scan the ip 
> space they provide (and they do check) for a number of 'questionable' or 
> worse servers/services and disable those ips until repaired. That may or 
> may not be the case for other ISPs, but I shouldn't have to use my ISPs 
> servers, just 'cuz I can't have 10's of ip addresses.

True.  So don't.  If they let you host your services, then host them :)

> Some of us do this internet thing for fun and not for profit. If I am 
> causing you problems, contact my ISP or blacklist my ip. I use Sendmail, 
> Spamassassin, ClamAV and milter-greylist. Works well enough and if there 
> is a server that is sending me things I don't care to get, I just add them 
> to my private rbl list. No more mail. Might not work for a corporate 
> server, but it works great for me. Takes time, yes. Impose restrictions 
> on legit mail servers? NOPE. Until SPF or cost based email systems get 
> accepted, you'll have to be creative in your filtering of mail.

hehe... iptables -A INPUT -p tcp --dport 25 -j DROP

No worries :)

> Punish the 'criminals' not the responsible persons.

Yep -- that's the hard part and hopefully we will be there someday.
> Eric Wisti

Great name, btw!

-Eric
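The check described above (forward and reverse DNS agreeing with the name in the SMTP 220 greeting) as an added example, not code from the thread or from ClamAV: it parses the banner hostname and verifies that the PTR of the connecting address and the A records of that hostname agree with it. The zone data and the 192.0.2.25 address are constructed; resolvers are passed in so the check runs offline, with system-resolver versions and a banner reader for a live run.

```python
import re
import socket

# Constructed sample zone data for offline use (not from the thread):
# a host whose A and PTR records agree with its SMTP banner.
SAMPLE_A = {"fw.domain.name": {"192.0.2.25"}}
SAMPLE_PTR = {"192.0.2.25": "fw.domain.name"}

# RFC 5321: the greeting is "220" (or "220-") followed by the server's domain.
BANNER_RE = re.compile(r"^220[ -](\S+)")

def banner_hostname(banner):
    """Hostname announced in an SMTP 220 greeting, normalised, or None."""
    m = BANNER_RE.match(banner.strip())
    return m.group(1).lower().rstrip(".") if m else None

def check_fcrdns(ip, banner, resolve_a, resolve_ptr):
    """Return (ok, reasons): ok only if PTR(ip) equals the banner host and
    that host resolves forward to ip; reasons lists each mismatch found."""
    name = banner_hostname(banner)
    if name is None:
        return False, ["no hostname in 220 greeting"]
    reasons = []
    ptr = resolve_ptr(ip)
    if ptr is None:
        reasons.append("no PTR record for %s" % ip)
    elif ptr.lower().rstrip(".") != name:
        reasons.append("PTR %s does not match banner %s" % (ptr, name))
    if ip not in resolve_a(name):
        reasons.append("%s does not resolve forward to %s" % (name, ip))
    return not reasons, reasons

# Live resolvers using the host's stub resolver; pass these to check_fcrdns
# for a real server, or dict lookups over SAMPLE_A/SAMPLE_PTR offline.
def system_resolve_a(name):
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except socket.gaierror:
        return set()

def system_resolve_ptr(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def read_banner(ip, port=25, timeout=5):
    """Connect to the MTA and return its first greeting line."""
    with socket.create_connection((ip, port), timeout=timeout) as s:
        return s.makefile("r", encoding="ascii", errors="replace").readline()
```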
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html