Lots of mail servers are currently able to reverse lookup client connections for logging / debugging / security purposes.
But you will have to consider the higher DNS traffic as you said. If the DNS server used by the mail server is local, then, after the initial lookup, they will start resolving from cache. But the only way to determine the amount of traffic is to closely monitor DNS queries.

Romulo M. Cholewa
http://www.rmc.eti.br
PGP Keys Available @ website.

"A prediction is worth twenty explanations." -- K. Brecher

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tenorio, Leandro
Sent: Thursday, April 25, 2002 6:13 PM
To: 'Romulo Cholewa'; 'Nick Simicich'; [EMAIL PROTECTED]; [EMAIL PROTECTED]; 'Clifford Thurber'
Cc: 'Binaya D. Joshi'; [EMAIL PROTECTED]; 'Chris Lee'
Subject: RE: blocking telnet to port 25

On some firewalls (I saw it on Raptor) you can do a reverse lookup on every smtp connection, that could resolve, at least, in part your problem, but your processor and bandwidth usage will be higher.

-----Original Message-----
From: Romulo Cholewa [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 25, 2002 8:31 AM
To: 'Nick Simicich'; [EMAIL PROTECTED]; [EMAIL PROTECTED]; 'Clifford Thurber'
Cc: 'Binaya D. Joshi'; [EMAIL PROTECTED]; 'Chris Lee'
Subject: RE: blocking telnet to port 25

Hi Nick,

I did not understand why you said that. I mentioned Exchange as an example, not as an obligation.

Anyway, would you enlighten me about your statement? I have Exchange installed in at least 10 customers, and all of them work just fine. Maybe the Exchange installations you saw were not correctly configured.

Regards,

Romulo M. Cholewa
http://www.rmc.eti.br
PGP Keys Available @ website.

"Without facts, the decision cannot be made logically. You must rely on your human intuition." -- Spock

|-----Original Message-----
|From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nick Simicich
|Sent: Thursday, April 25, 2002 1:07 AM
|To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; 'Clifford Thurber'
|Cc: 'Binaya D. Joshi'; [EMAIL PROTECTED]; 'Chris Lee'
|Subject: RE: blocking telnet to port 25
|
|At 09:54 AM 2002-04-24 -0300, Romulo Cholewa wrote:
|>You can use a proprietary email server that relies on RPC connections, and force smtp authentication (ex. Exchange).
|>
|>This will provide you with the results I think you need.
|
|What, the inability to talk to anyone in the world who is not running exchange?
|
|>Romulo M. Cholewa
|>http://www.rmc.eti.br
|>PGP Keys Available @ website.
|>
|> "If a technology does not seem like magic, that's because it's not good enough."
|>
|>|-----Original Message-----
|>|From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
|>|Sent: Wednesday, April 24, 2002 2:32 AM
|>|To: Clifford Thurber
|>|Cc: Binaya D. Joshi; [EMAIL PROTECTED]; Chris Lee
|>|Subject: Re: blocking telnet to port 25
|>|
|>|could you fingerprint the source port?
|>|
|>|-C
|>|
|>|Christopher Regenye
|>|System Services
|>|PR Newswire
|>|christopher_regenye@prnewswire.com
|>|
|>|I know you believe you understand what you think I said, but I am not sure you realize that what you heard is not what I meant.
|>|
|>|Clifford Thurber <cthurber@edisonschools.com>
|>|04/10/02 10:56 AM
|>|
|>|To: "Binaya D. Joshi" <[EMAIL PROTECTED]>, Chris Lee <[EMAIL PROTECTED]>
|>|cc: [EMAIL PROTECTED], (bcc: Christopher Regenye/PR Newswire)
|>|Subject: Re: blocking telnet to port 25
|>|
|>|You can't block telnet to port 25; you can either block port 25 or port 23, but that's it. SMTP is a mail protocol; it does not care how the connection to the IP/port pair was established as long as it follows the SMTP protocol (i.e. issues Helo, Mail From: Rcpt To: etc.)
|>|
|>|At 04:14 PM 4/10/2002 +0545, Binaya D. Joshi wrote:
|>|>blocking telnet to port 25 in mail server... huh ???
|>|>
|>|> if so; may be this be the last mail u r be receiving :)
|>|>
|>|>B.D.Joshi
|>|>
|>|>On Wed, 10 Apr 2002, Chris Lee wrote:
|>|>
|>|> > If you want mail to go through, you can't.
|>|> >
|>|> > Chris
|>|> >
|>|> > Sayed Peerzade wrote:
|>|> >
|>|> > > Hello,
|>|> > >
|>|> > > I'm systems engineer in an ISP handling mail servers, I also handle checkpoint. pls tell me how to block telnet to port 25, keeping normal telnet to perform normally on mail server (netscape messaging server running on solaris OS)
|>|> > > u can tell me method to block either in checkpoint or on mail server itself.
|>|> > > Thanks and regards.
|>|> > >
|>|> > > Sayed K.Peerzade.
|>|> > >
|>|> > > _______________________________________________
|>|> > > Firewalls mailing list
|>|> > > [EMAIL PROTECTED]
|>|> > > http://lists.gnac.net/mailman/listinfo/firewalls
|>|
|>|_______________________________________________
|>|Firewalls mailing list
|>|[EMAIL PROTECTED]
|>|For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
|
|--
|War is an ugly thing, but it is not the ugliest of things. The decayed and degraded state of moral and patriotic feeling which thinks that nothing is worth war is much worse. A man who has nothing for which he is willing to fight, nothing he cares about more than his own personal safety, is a miserable creature who has no chance of being free, unless made so by the exertions of better men than himself. -- John Stuart Mill
|Nick Simicich - [EMAIL PROTECTED]
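
The trade-off raised in the two most recent messages above (a reverse lookup on every SMTP connection versus the DNS traffic it causes, and how a local cache absorbs repeat lookups) can be measured directly. This is an added example, not part of the original thread; `CachingReverseResolver`, `sample_lookup` and the sample addresses are constructed for illustration, and the default resolver is Python's `socket.gethostbyaddr`.

```python
import socket
import time

class CachingReverseResolver:
    """Reverse (PTR) lookup with a TTL cache and an upstream query counter."""

    def __init__(self, lookup=None, ttl=300.0, negative_ttl=60.0, clock=time.monotonic):
        # `lookup` is injectable so the example runs offline; default is the system resolver.
        self._lookup = lookup or (lambda ip: socket.gethostbyaddr(ip)[0])
        self._ttl, self._negative_ttl, self._clock = ttl, negative_ttl, clock
        self._cache = {}  # ip -> (hostname or None, expiry time)
        self.upstream_queries = 0
        self.cache_hits = 0

    def resolve(self, ip):
        now = self._clock()
        entry = self._cache.get(ip)
        if entry and entry[1] > now:
            self.cache_hits += 1
            return entry[0]
        self.upstream_queries += 1
        try:
            name = self._lookup(ip)
        except OSError:  # socket.herror / socket.gaierror: no PTR record or resolver failure
            name = None
        # Cache failures too (for less time), or PTR-less clients cost a query per connection.
        self._cache[ip] = (name, now + (self._ttl if name else self._negative_ttl))
        return name

# Constructed sample data (RFC 5737 documentation ranges): PTR records and SMTP client addresses.
SAMPLE_PTR = {"192.0.2.10": "mx1.example.org", "198.51.100.7": "relay.example.net"}
SAMPLE_CONNECTIONS = ["192.0.2.10", "203.0.113.99", "192.0.2.10", "198.51.100.7",
                      "203.0.113.99", "192.0.2.10", "198.51.100.7", "203.0.113.99"]

def sample_lookup(ip):
    """Stand-in for the DNS server: raises like gethostbyaddr when no PTR exists."""
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip]

def replay(connections, resolver):
    """Resolve each connecting address as a mail server would for logging; return the names."""
    return [resolver.resolve(ip) for ip in connections]

if __name__ == "__main__":
    r = CachingReverseResolver(lookup=sample_lookup)
    for ip, name in zip(SAMPLE_CONNECTIONS, replay(SAMPLE_CONNECTIONS, r)):
        print(f"{ip:15} {name or '(no PTR)'}")
    print(f"connections={len(SAMPLE_CONNECTIONS)} upstream={r.upstream_queries} hits={r.cache_hits}")
```

Comparing `upstream_queries` with the number of connections over a real log sample gives the extra DNS load to expect; the negative TTL matters because clients without a PTR record would otherwise trigger a fresh query on every connection.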
