On Tue, Jun 17, 2003 at 04:21:35PM -0400, Drew Weaver wrote:
> > I don't think they check for the reverse lookup matching the forward.
> > If they do, it will break way too many legitimate servers. They may
> > be bouncing mail with NO reverse lookup (I do that myself)

> Technically it is not legitimate unless the A matches the PTR record. No 2
> ways about it.

        Many ways about it.  In fact, it's total bullshit.

        There is NO one-to-one mapping of A records and PTR records.  No
two ways about it.  A given IP address may have many names associated
with it (that's a given with name based virtual hosting).  By the same
token, a given name may have many IP addresses associated with it (that's
a given with server farms and mirrors and back systems).  There is NO
one to one mapping of A records and PTR records.

        Now, you could loop on A and PTR records and see if you ever
achieve a resolution...

        Host "foo" has IP addresses that include "IP-A".

        "IP-A" has PTR record to name "bar".

        Name "bar" has IP addresses that include "IP-B".

        "IP-B" has PTR record to name "bar".

        Loop complete.  Where do you terminate loop?  How deep before
loop terminates with failure?

> > Sounds like they may be using the MAPS (Mail Abuse Prevention System)
> > DUL (Dial Up Listing). Most of the addresses on this list were
> > reported to the list by the ISP's responsible for them. And lots of
> > systems other than AOL use this list.
> 
> Yeah, but ISPs are constantly adding new pools, phasing out old pools et
> cetera; the ISPs may not even own this block of IP anymore and it could be
> assigned to a Co-Lo someplace, and people's mail could be getting rejected
> because sometime in the past it was announced as a DUL pool.
> 
> > If they are using the MAPS DUL, they are in good company and it does
> > stop a lot of spam. Not as much as it used to, but still quite a bit.
> > Enough so that most spammers are now abusing open proxies rather than
> > sending direct to mx or using open relays.
> 
> This is true. With the advent of the vulnerability that SQL Slammer abused,
> I've seen countless instances of people injecting masked port 25 proxies into
> Windows machines. It's probably the most common vulnerability I've seen abused
> in the last 2-3 months.
> 
> -Drew
> 
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:[EMAIL PROTECTED]
> https://www.redhat.com/mailman/listinfo/redhat-list

-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
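The A/PTR walk described in the reply above, as an added illustration (not code from the thread or from any mail server): a tiny in-memory DNS table, constructed here to mirror the "foo" / "IP-A" / "bar" / "IP-B" example, plus a walker that follows name -> A -> PTR -> name until it either gets back to the starting name, revisits a name (the "loop complete" case), runs out of records, or hits a depth limit. The record tables, the name/address labels and the depth limit are all assumptions of this example; real resolvers return many-to-many results exactly as the message says, which is why every address and every reverse name is tried.

```python
# Constructed toy zone data (not real DNS).  A name may own several addresses
# and an address may own several names, so both tables map to lists.
A_RECORDS = {
    "foo": ["IP-A"],
    "bar": ["IP-B"],
    "mirror": ["IP-B", "IP-C"],          # one name, several addresses (server farm)
}
PTR_RECORDS = {
    "IP-A": ["bar"],
    "IP-B": ["bar"],
    "IP-C": ["mirror", "vhost1", "vhost2"],   # one address, several names (vhosting)
}
# A long chain with no cycle, to exercise the depth limit: h0 -> IP-h0 -> h1 -> ...
for i in range(10):
    A_RECORDS[f"h{i}"] = [f"IP-h{i}"]
    PTR_RECORDS[f"IP-h{i}"] = [f"h{i+1}"]      # h10 has no A record: dead end


def forward_confirmed(ip, a=A_RECORDS, ptr=PTR_RECORDS):
    """Single-hop check: does some PTR name of `ip` have an A record back to `ip`?"""
    return any(ip in a.get(name, []) for name in ptr.get(ip, []))


def walk_chain(start, a=A_RECORDS, ptr=PTR_RECORDS, max_depth=8):
    """Follow name -> A -> PTR -> name ... from `start`, trying every address
    and every reverse name.  Returns (status, path):
      'confirmed' - some address along the way has a PTR naming `start`
      'loop'      - a branch revisited a name without ever naming `start`
      'too_deep'  - a branch exceeded max_depth without resolution
      'dead_end'  - no A or PTR data left to follow
    """
    outcomes = []   # failures recorded while searching, reported if nothing confirms

    def visit(name, path, seen, depth):
        ips = a.get(name, [])
        if not ips:
            outcomes.append(("dead_end", path))
            return None
        for ip in ips:
            names = ptr.get(ip, [])
            if start in names:
                return path + [ip]                 # round trip back to the start name
            if not names:
                outcomes.append(("dead_end", path + [ip]))
                continue
            for nxt in names:
                if nxt in seen:                    # cycle that never reaches `start`
                    outcomes.append(("loop", path + [ip, nxt]))
                    continue
                if depth + 1 > max_depth:
                    outcomes.append(("too_deep", path + [ip, nxt]))
                    continue
                found = visit(nxt, path + [ip, nxt], seen | {nxt}, depth + 1)
                if found:
                    return found
        return None

    found = visit(start, [start], {start}, 0)
    if found:
        return "confirmed", found
    for status in ("too_deep", "loop", "dead_end"):   # report the most telling failure
        for s, p in outcomes:
            if s == status:
                return s, p
    return "dead_end", [start]


if __name__ == "__main__":
    for name in ("foo", "bar", "mirror", "h0"):
        status, path = walk_chain(name)
        print(f"{name:7} {status:10} {' -> '.join(path)}")
    for ip in ("IP-A", "IP-B", "IP-C"):
        print(f"{ip}: forward-confirmed = {forward_confirmed(ip)}")
```

Starting from "foo" the walk reproduces the message's loop (foo -> IP-A -> bar -> IP-B -> bar) and never confirms, while "bar" and "mirror" confirm on their first hop because one of their addresses reverses to them; "h0" shows why a depth bound is needed, since without one the walker just keeps hopping along a chain that never closes. Changing `max_depth` changes the verdict for such chains, which is the "how deep before loop terminates with failure?" question in concrete form.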
