Re: [Mimedefang] DNS and MX records
On Sat, 13 May 2006, netguy wrote: reply and/or voice their opinions, thanks. I did not ever get a definitive answer so I figured that I was treading on new ground; sorta. It seems to me Hmm, these is something you should keep in mind that postmaster@ and abuse@ are to be available in @domain.tld, which MAY receive any complaints for all subdomains of it. Hey, I found it:: RFC2142: Section 2 2. INVARIANTS For well known names that are not related to specific protocols, only the organization's top level domain name are required to be valid. For example, if an Internet service provider's domain name is COMPANY.COM, then the [EMAIL PROTECTED] address must be valid and supported, even though the customers whose activity generates complaints use hosts with more specific domain names like SHELL1.COMPANY.COM. Note, however, that it is valid and encouraged to support mailbox names for sub-domains, as appropriate. I use this, too, in order to notify postmaster about problems with domains etc. Bye, -- Steffen Kaiser ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] DNS and MX records
Thanks! This is great info! Regards, KAM - Original Message - From: Jan Pieter Cornet [EMAIL PROTECTED] To: mimedefang@lists.roaringpenguin.com Sent: Wednesday, May 10, 2006 4:58 PM Subject: Re: [Mimedefang] DNS and MX records On Wed, May 10, 2006 at 02:48:42PM -0400, Kevin A. McGrail wrote: Further, I believe there really is a standard' to publish a blank MX record at priority 0 but I think I heard about it from Jan-Pieter Cornet. Anyone know if this has a real RFC or anything? It was described in a now-expired ietf document draft-delany-nullmx-00.txt, still available at: http://ietfreport.isoc.org/all-ids/draft-delany-nullmx-00.txt ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] DNS and MX records
Hi all [snip] It was described in a now-expired ietf document draft-delany-nullmx-00.txt, still available at: http://ietfreport.isoc.org/all-ids/draft-delany-nullmx-00.txt This does not answer the question of how to stop spammers from using network resources. So that is probably very wishfull thinking but if another avenue could be taken away from them... Spam is sent to domain.tld WITHOUT checking MX records. I don't believe that I am unique in that I host domains behind a firewall with ONE live IP addy. I suspect that there are many folks out there doing on a small scale what the big boys do. I don't want to be a 'big boy', but I do want to provide my customers excellent service. After all, I can change stuff faster than the big boys which keeps my customers happy. For example, how long did it take AOL, Netscape, MSN ... etc ... to get into some sort of filtering? I think that it was about 5 years after I did. Yahoo's MX servers still spew spam on occasion but they get the rogue user shut down in time. Want to talk about Verizone and RR? Geesh, even sending abuse@ a small little note gets you nowhere fast. The world isn't perfect but I try to keep my little corner of it as close to as I can. Keep up the good work! todh ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] DNS and MX records
On Mon, 2006-05-15 at 07:43, netguy wrote: It was described in a now-expired ietf document draft-delany-nullmx-00.txt, still available at: http://ietfreport.isoc.org/all-ids/draft-delany-nullmx-00.txt This does not answer the question of how to stop spammers from using network resources. So that is probably very wishfull thinking but if another avenue could be taken away from them... Spam is sent to domain.tld WITHOUT checking MX records. If you don't include the domain in local-host-names sendmail should reject everything at the RCPT TO step before DATA is permitted. That still consumes some resources but should be insignificant compared to the ones you accept and scan. -- Les Mikesell [EMAIL PROTECTED] ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] DNS and MX records
On Mon, 15 May 2006, netguy wrote: This does not answer the question of how to stop spammers from using network resources. So that is probably very wishfull thinking but if another avenue could be taken away from them... Spam is sent to domain.tld WITHOUT checking MX records. Dunno what's the problem with it - to check the MX records and to not SPAM in such case, is like to think that nobody tries to pickpocket you, when you wear a plaque Nothing to rob here. You have to fight this sort of SPAM the same as you fight any SPAM. And with not to be able to distinct, whether the message came in through MX or not, what do I miss about the situation? BTW: When you have only one IP address, where does your MX points to?? If there is a MTA running on port 25 on the machine, you're entitled to get robbed (er SPAMMed). :-/ We block SMTP attempts to hosts, which don't even have any DNS mapping. Bye, -- Steffen Kaiser ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] DNS and MX records
On May 15, 2006, at 6:01 AM, Les Mikesell wrote: On Mon, 2006-05-15 at 07:43, netguy wrote: It was described in a now-expired ietf document draft-delany-nullmx-00.txt, still available at: http://ietfreport.isoc.org/all-ids/draft-delany-nullmx-00.txt This does not answer the question of how to stop spammers from using network resources. So that is probably very wishfull thinking but if another avenue could be taken away from them... Spam is sent to domain.tld WITHOUT checking MX records. If you don't include the domain in local-host-names sendmail should reject everything at the RCPT TO step before DATA is permitted. That still consumes some resources but should be insignificant compared to the ones you accept and scan. or, going with the topic of this list, if you wanted to accept mail for postmaster and abuse, you could keep the domain in local-host-names, but filter out any recipients for that domain (except postmaster and abuse) during filter_recipient. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] DNS and MX records
On Mon, 2006-05-15 at 09:43, John Rudd wrote: This does not answer the question of how to stop spammers from using network resources. So that is probably very wishfull thinking but if another avenue could be taken away from them... Spam is sent to domain.tld WITHOUT checking MX records. If you don't include the domain in local-host-names sendmail should reject everything at the RCPT TO step before DATA is permitted. That still consumes some resources but should be insignificant compared to the ones you accept and scan. or, going with the topic of this list, if you wanted to accept mail for postmaster and abuse, you could keep the domain in local-host-names, but filter out any recipients for that domain (except postmaster and abuse) during filter_recipient. Or probably more efficiently, let sendmail do it by using virtusertable with postmaster and abuse addresses forwarded somewhere and the rest of the domain rejected with: # catch-all error for unknown users @domain.name error:nouser No such user here That way it shouldn't even hit the perl code. If you have other domains you want to handle the same way, you can map them together like: @other.domain1 [EMAIL PROTECTED] @other.domain2 [EMAIL PROTECTED] -- Les Mikesell [EMAIL PROTECTED] ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Hacking in authenticated local submissions
I'm using port 465 and SSL for local submissions, and I'd like to tweak either Mdf or SA (or both) so that if I forward (for instance) a copy of a spam to someone outside, that I in turn don't get my message rejected because it looks like spam. Now, why isn't trusted_networks taking effect? Because I might be connecting via the public Internet (and using IMAPS and SMTPS to converse with my mail server). Do we want to change the line: if ($Features{SpamAssassin}) { in mimedefang-filter, for instance, to skip this check if $auth_authen is valid? -Philip ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] OT: www. and lazy users (was Re: DNS and MX records)
David F. Skoll wrote: (although it does have one, to catch people who are too lazy to type www. into their browsers.) [EMAIL PROTECTED] wrote: Usually, domain.tld would be the same as www.domain.tld, registered for those too lazy to type www. as part of the address. Of course marketing type like to say Visit us online at sony.com!! netguy wrote: Note that there is no reason to other than ease of use for surfers because they are lazy and don't want to type in the www part. John Rudd wrote: So, Lazy users who connect to http://domain.tld/* will get a redirect to http://www.domain.tld/* Am I the only one who finds this talk of lazy users a bit... I don't know, condescending? (Admittedly, this is on a list made up of sysadmins, so I suppose that's par for the course.) Really, the only reason websites tend to be named www.example.com these days is tradition. I mean, hardly anyone uses email addresses like [EMAIL PROTECTED] anymore -- the protocol and domain are enough for the common case, and people only tack on a hostname or subdomain for exceptional cases. Heck, most end users don't know, and don't need to know, that www. indicates a hostname. The only real use for the www. prefix is as a visual cue indicating that the address refers to a website. It's shorter and more aesthetically pleasing than http:// It's certainly not easy in speech. double-u double-u double-u dot example dot com takes a lot longer to say than just example dot com. And let's not even start with H T T P colon double-slash... As sysadmins, our jobs are to make things work smoothly for the end users. Sometimes that involves educating them (Don't open unexpected attachments!) Sometimes that involves adjusting the system to make it easier to use (filter out known viruses and spam.) This seems like a clear-cut case of the latter. -- Kelson Vibber SpeedGate Communications www.speed.net ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Hacking in authenticated local submissions
Philip Prindeville wrote: I'm using port 465 and SSL for local submissions, and I'd like to tweak either Mdf or SA (or both) so that if I forward (for instance) a copy of a spam to someone outside, that I in turn don't get my message rejected because it looks like spam. Now, why isn't trusted_networks taking effect? Because I might be connecting via the public Internet (and using IMAPS and SMTPS to converse with my mail server). Do we want to change the line: if ($Features{SpamAssassin}) { in mimedefang-filter, for instance, to skip this check if $auth_authen is valid? -Philip Philip, Go read this page: http://sial.org/howto/mimedefang/macro-pass/ . It describes how to setup sendmail to pass macros to mimedefang. Use it to pass a macro that tells MD whether the user authenticated or not. If this user authenticated, and you trust them, then just omit them from spam filtering altogether. schu ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] OT: www. and lazy users (was Re: DNS and MX records)
Kelson [EMAIL PROTECTED] wrote on 05/15/2006 01:41:17 PM: The only real use for the www. prefix is as a visual cue indicating that the address refers to a website. It's shorter and more aesthetically pleasing than http:// It's certainly not easy in speech. double-u double-u double-u dot example dot com takes a lot longer to say than just example dot com. And let's not even start with H T T P colon double-slash... I gotta say the www. is more pleasing the HTTP:// and it's shorter too. Four keystrokes (three of them on the same key) vs. seven. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] OT: www. and lazy users (was Re: DNS and MX records)
On 5/15/06, Kelson [EMAIL PROTECTED] wrote: David F. Skoll wrote: (although it does have one, to catch people who are too lazy to type www. into their browsers.) ---SNIP--- Am I the only one who finds this talk of lazy users a bit... I don't know, condescending? (Admittedly, this is on a list made up of sysadmins, so I suppose that's par for the course.) No, you're not. I know plent of sites that advertise themselves as http://domain.com;. As you say, the use of the www. prefix is convention, not out of some technical need. -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] OT: www. and lazy users (was Re: DNS and MX records)
As a sidenote, I do remember reading (although I can't remember where) that it's considered bad form to assign an IP address to a domain. IP's should be assigned to hosts... Anyone else ever read that? I can't remember if it was an RFC or what. -Ben -- Ben Kamen - O.D.T., S.P. == Email: bkamen AT benjammin DOT net Web: http://www.benjammin.net begin:vcard fn:Ben Kamen n:Kamen;Ben adr:;;USA email;internet:[EMAIL PROTECTED] title:O.D.T. - S.P. x-mozilla-html:FALSE url:http://www.benjammin.net/ version:2.1 end:vcard ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Hacking in authenticated local submissions
Philip Prindeville wrote: Do we want to change the line: if ($Features{SpamAssassin}) { in mimedefang-filter, for instance, to skip this check if $auth_authen is valid? Yup. http://www.mimedefang.com/kwiki/index.cgi?SMTPAuth David, perhaps the synthesize_received_header could add an ESMTPA keyword for mail received under the auspices of SMTP AUTH? That would allow SpamAssassin to know that the mail was from an authenticated source. http://www.ietf.org/rfc/rfc3848.txt http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4184 -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] OT: www. and lazy users (was Re: DNS and MX records)
On 15 May 2006 at 10:41, Kelson wrote: Really, the only reason websites tend to be named www.example.com these days is tradition. Well, yes. That's the tradition for the *default* website for a domain. Other websites at that domain may have different hostnames. Almost every major domain uses this structure. The only real use for the www. prefix is as a visual cue indicating that the address refers to a website. No, it's because it's not store.domain.tld (where you buy stuff from the company) or support.domain.tld (where they provide support info), etc. As sysadmins, our jobs are to make things work smoothly for the end users. Sometimes that involves educating them (Don't open unexpected attachments!) Sometimes that involves adjusting the system to make it easier to use (filter out known viruses and spam.) This seems like a clear-cut case of the latter. Yes, for lazy users, we sometimes allow them to not type www because that has historically been the hostname for the default website. But there are many domains out there where I do *not* go to the default website to start...I'll type support.domain.tld because that's what I want. -- Jeff Rife | I don't have to be Ray Liotta: movie star, | anymore. I can be Ray Liotta: Maya's boyfriend. | All I want to do is regular, boring, ordinary | couple things. | Then you, sir, have hit the soul-mate lottery. | -- Ray Liotta and Nina Van Horn, Just Shoot Me ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] OT: www. and lazy users (was Re: DNS and MX records)
Jeff Rife wrote: The only real use for the www. prefix is as a visual cue indicating that the address refers to a website. No, it's because it's not store.domain.tld (where you buy stuff from the company) or support.domain.tld (where they provide support info), etc. I'm not talking about www vs. other hostnames -- I'm talking about www vs. the plain domain name. You could just as easily have domain.tld be the main website for the domain and support.domain.tld and store.domain.tld be alternate websites. Whether the default is www.domain.tld or domain.tld has no impact on this at all. -- Kelson Vibber SpeedGate Communications www.speed.net ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] OT: www. and lazy users (was Re: DNS and MX records)
On 15 May 2006 at 12:06, Kelson wrote: No, it's because it's not store.domain.tld (where you buy stuff from the company) or support.domain.tld (where they provide support info), etc. I'm not talking about www vs. other hostnames -- I'm talking about www vs. the plain domain name. You could just as easily have domain.tld be the main website for the domain and support.domain.tld and store.domain.tld be alternate websites. Whether the default is www.domain.tld or domain.tld has no impact on this at all. Well, you obviously want *both* to be answered by the same machine. Historically, it's www. It really is just for the sake of lazy users (and marketing departments) that domains need to have the bare domain also pointing to the default web site (or a re-direct site). -- Jeff Rife | | http://www.nabs.net/Cartoons/Zits/Merging.jpg ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] OT: www. and lazy users (was Re: DNS and MX records)
I run an Apache Web Server. When I create a virtual domain I add both the ServerName and ServerAlias directives to each. I know IIS has a similar convention. Is it a lazy user or a lazy admin? My $.02 for what it's worth!! Pete Am I the only one who finds this talk of lazy users a bit... I don't know, condescending? (Admittedly, this is on a list made up of sysadmins, so I suppose that's par for the course.) Really, the only reason websites tend to be named www.example.com these days is tradition. I mean, hardly anyone uses email addresses like [EMAIL PROTECTED] anymore -- the protocol and domain are enough for the common case, and people only tack on a hostname or subdomain for exceptional cases. Heck, most end users don't know, and don't need to know, that www. indicates a hostname. The only real use for the www. prefix is as a visual cue indicating that the address refers to a website. It's shorter and more aesthetically pleasing than http:// It's certainly not easy in speech. double-u double-u double-u dot example dot com takes a lot longer to say than just example dot com. And let's not even start with H T T P colon double-slash... As sysadmins, our jobs are to make things work smoothly for the end users. Sometimes that involves educating them (Don't open unexpected attachments!) Sometimes that involves adjusting the system to make it easier to use (filter out known viruses and spam.) This seems like a clear-cut case of the latter. -- Kelson Vibber SpeedGate Communications www.speed.net ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang Peter P. Benac, CCNA Emacolet Networking Services, Inc Providing Network and Systems Project Management and Installation and Web Hosting. Phone: 919-618-2557 Web: http://www.emacolet.com Need quick reliable Systems or Network Management advice visit http://www.nmsusers.org To have principles... First have courage.. With principles comes integrity!!! ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] OT: www. and lazy users (was Re: DNS and MX records)
On May 15, 2006, at 10:53 AM, Peter P. Benac wrote: I run an Apache Web Server. When I create a virtual domain I add both the ServerName and ServerAlias directives to each. I know IIS has a similar convention. Is it a lazy user or a lazy admin? Lazy user. Because it's not about typing, it's about learning the medium in which you are operating. People who don't know www.domain.tld are the kind of people who don't know how to pump gas for their own car, and/or don't know that you need to the change the oil in your car every so often. It's not physically lazy, it's intellectually lazy. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Hacking in authenticated local submissions
[EMAIL PROTECTED] wrote: Philip Prindeville wrote: Do we want to change the line: if ($Features{SpamAssassin}) { in mimedefang-filter, for instance, to skip this check if $auth_authen is valid? Yup. http://www.mimedefang.com/kwiki/index.cgi?SMTPAuth Thanks. Should that be defined or exists? Because you can populate a hash with: $hash{key} = undef; and defined($hash{key}) will be false, but exists($hash{key}) with not. -Philip David, perhaps the synthesize_received_header could add an ESMTPA keyword for mail received under the auspices of SMTP AUTH? That would allow SpamAssassin to know that the mail was from an authenticated source. http://www.ietf.org/rfc/rfc3848.txt http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4184 ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang