On Tue, Jun 17, 2003 at 04:21:35PM -0400, Drew Weaver wrote:

> > I don't think they check for the reverse lookup matching the forward.
> > If they do, it will break way too many legitimate servers. They may
> > be bouncing mail with NO reverse lookup (I do that myself)
>
> Technically it is not legitimate unless the A matches the PTR record. No 2
> ways about it.

Many ways about it. In fact, it's total bullshit. There is NO one-to-one mapping of A records and PTR records. No two ways about it.

A given IP address may have many names associated with it (that's a given with name based virtual hosting). By the same token, a given name may have many IP addresses associated with it (that's a given with server farms and mirrors and back systems). There is NO one to one mapping of A records and PTR records.

Now, you could loop on A and PTR records and see if you ever achieve a resolution...

Host "foo" has IP addresses that include "IP-A". "IP-A" has PTR record to name "bar". Name "bar" has IP addresses that include "IP-B". "IP-B" has PTR record to name "bar". Loop complete.

Where do you terminate loop? How deep before loop terminates with failure?

> > Sounds like they may be using the MAPS (Mail Abuse Prevention System)
> > DUL (Dial Up Listing). Most of the addresses on this list were
> > reported to the list by the ISPs responsible for them. And lots of
> > systems other than AOL use this list.
>
> Yeah, but ISPs are constantly adding new pools, phasing out old pools et
> cetera, the ISPs may not even own this block of IP anymore and it could be
> assigned to a Co-Lo someplace and people's mail could be getting rejected
> because sometime in the past it was announced as a DUL pool.
>
> > If they are using the MAPS DUL, they are in good company and it does
> > stop a lot of spam. Not as much as it used to, but still quite a bit.
> > Enough so that most spammers are now abusing open proxies rather than
> > sending direct to mx or using open relays.
>
> This is true, with the advent of the vulnerability that SQL slammer abused,
> I've seen countless instances of people injecting masked port 25 proxies
> into Windows machines. It's probably the most common vulnerability I've
> seen abused in the last 2-3 months.
>
> -Drew

--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
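The A/PTR walk described in the message above, as an added example that is not part of the original post. The zone data is constructed, and `strict_one_to_one`, `forward_confirmed` and `walk` are hypothetical helper names; the set-membership (forward-confirmed reverse DNS) check is not mentioned in the message and is included only for contrast with the strict "A must match PTR" rule.

```python
# Constructed zone data (documentation address ranges, not real hosts).
A = {  # name -> set of A records
    "www.example.org": {"192.0.2.10"},    # two virtual hosts, one IP
    "shop.example.org": {"192.0.2.10"},
    "mail.example.net": {"198.51.100.1", "198.51.100.2"},  # server farm
    "foo.example.com": {"203.0.113.5"},   # "foo" -> IP-A
    "bar.example.com": {"203.0.113.6"},   # "bar" -> IP-B
}
PTR = {  # IP -> set of PTR names
    "192.0.2.10": {"www.example.org"},
    "198.51.100.1": {"mail.example.net"},
    "198.51.100.2": {"mail.example.net"},
    "203.0.113.5": {"bar.example.com"},   # IP-A -> "bar"
    "203.0.113.6": {"bar.example.com"},   # IP-B -> "bar"
}

def strict_one_to_one(name):
    """Strict rule: exactly one A record, whose only PTR is this same name."""
    ips = A.get(name, set())
    return len(ips) == 1 and all(PTR.get(ip, set()) == {name} for ip in ips)

def forward_confirmed(ip):
    """Set-membership rule: some PTR name of ip has an A record set containing ip."""
    return any(ip in A.get(n, set()) for n in PTR.get(ip, set()))

def walk(name, max_depth=8):
    """Follow name -> A -> PTR -> name, one hop per round.

    Returns (names in the order reached, settled). settled is True when a
    round produced no new name (the loop closed), False when max_depth
    rounds ran out first.
    """
    seen, frontier = [name], [name]
    for _ in range(max_depth):
        ips = sorted(ip for n in frontier for ip in A.get(n, ()))
        frontier = []
        for ip in ips:
            for ptr_name in sorted(PTR.get(ip, ())):
                if ptr_name not in seen:   # visited set is what ends the loop
                    seen.append(ptr_name)
                    frontier.append(ptr_name)
        if not frontier:
            return seen, True
    return seen, False

if __name__ == "__main__":
    for n in sorted(A):
        print(f"{n:18} strict={strict_one_to_one(n)!s:5} walk={walk(n)}")
    for ip in sorted(PTR):
        print(f"{ip:14} forward_confirmed={forward_confirmed(ip)}")
```

Tracking visited names bounds the walk by the number of distinct names, so `max_depth` only matters as a cap on resolver work against zones the checker does not control.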