[spamdyke-users] mx = 0 or mx = 127.0.0.1

2012-08-21 Thread Bruce Schreiber
Is there a way to block domains that have mx records of either 0 or 
127.0.0.1?  Both entries can be found in DNS and give us a headache.  
Look at yahool.com, yaho.com and version.net as problem domains.

Bruce
-- 
Bruce B Schreiber
CTO, MaxMD
2200 Fletcher Ave, 5th Floor
Fort Lee, NJ 07024
201 963 0005 office
917 532 4995 cell
bschrei...@max.md
www.max.md
www.mdEmail.md
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] mx = 0 or mx = 127.0.0.1

2012-08-21 Thread Marcin Orlowski
Bruce Schreiber wrote on 2012-08-21 16:37:
> Is there a way to block domains that have mx records of either 0 or
> 127.0.0.1.  Both entries can be found in DNS and give us a headache.
> Look at yahool.com yaho.com version.net as problem domains.

Heh, that's clever :) I do not see any option for that, yet
adding to the code should be quite easy.


Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] mx = 0 or mx = 127.0.0.1

2012-08-21 Thread Eric Shubert
On 08/21/2012 07:51 AM, Marcin Orlowski wrote:
> Bruce Schreiber wrote on 2012-08-21 16:37:
>> Is there a way to block domains that have mx records of either 0 or
>> 127.0.0.1.  Both entries can be found in DNS and give us a headache.
>> Look at yahool.com yaho.com version.net as problem domains.
>
> Heh, that's clever :) I do not see any option for that, yet
> adding to the code should be quite easy.
>
>
> Regards,
>

That's totally illegal (not that it doesn't occur). MX records should 
only point to A records. I suppose that spamdyke should also (at least 
have an option to) check that the A record exists (the MX resolves), 
much like it does for rDNS.

-- 
-Eric 'shubes'





Re: [spamdyke-users] mx = 0 or mx = 127.0.0.1

2012-08-21 Thread Sam Clippinger
Actually, it already does this.  spamdyke searches first for an MX record for 
the sender's domain name.  If the return value appears to be an IP address 
(four 3-digit numbers between 0 and 255 separated by dots), it stops and the 
filter passes.  (Yes, this is illegal according to the spec but a lot of 
domains do it so spamdyke allows it.)  If the return value is a name, it 
performs an A lookup on the name to find an IP address.  If that IP is not 
127.0.0.1, the filter passes.  I see a small oversight here -- if the MX record 
is an IP address that is 127.0.0.1, spamdyke will pass it.  I'll fix that.

If the MX filter does not pass, spamdyke then checks to see if the domain name 
has an A record that resolves to an IP (not 127.0.0.1).  If it does, the filter 
passes.

It looks like this last step is what's causing yahool.com, yaho.com and 
version.net to pass the filter.  Even though yahool.com and yaho.com have 
invalid MX records, they also have A records.  If an MTA were trying to deliver 
a message to an address in those domains, it would use the A record as the 
receiving server -- this is perfectly legal.  version.net's MX record points to 
an A record that points to 127.0.0.1 but the domain itself has a valid A 
record.  This one is a bug -- if the MX record exists, the MTA would use that 
and (should) ignore the valid A record; spamdyke should do the same.  I'll fix 
that, which will stop these domains from passing the filter.

For now, it looks like using the sender or rDNS blacklists is probably your 
best move.

-- Sam Clippinger




On Aug 21, 2012, at 10:00 AM, Eric Shubert wrote:

> On 08/21/2012 07:51 AM, Marcin Orlowski wrote:
>> Bruce Schreiber wrote on 2012-08-21 16:37:
>>> Is there a way to block domains that have mx records of either 0 or
>>> 127.0.0.1.  Both entries can be found in DNS and give us a headache.
>>> Look at yahool.com yaho.com version.net as problem domains.
>> 
>> Heh, that's clever :) I do not see any option for that, yet
>> adding to the code should be quite easy.
>> 
>> 
>> Regards,
>> 
> 
> That's totally illegal (not that it doesn't occur). MX records should 
> only point to A records. I suppose that spamdyke should also (at least 
> have an option to) check that the A record exists (the MX resolves), 
> much like it does for rDNS.
> 
> -- 
> -Eric 'shubes'
> 
> 
> 

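
The filter logic described in the last message, modelled as an added example (this is not spamdyke's own code, which the thread does not show). The zone data, domain names and function names are constructed for illustration; `fixed=True` applies the two corrections proposed in that message.

```python
import ipaddress

LOOPBACK = "127.0.0.1"

# Constructed sample zone (not real DNS data): placeholder names and addresses.
ZONE = {
    "mx-zero.example": {"MX": ["0"], "A": ["192.0.2.10"]},
    "mx-loop-ip.example": {"MX": ["127.0.0.1"], "A": ["192.0.2.11"]},
    "mx-loop-name.example": {"MX": ["mail.mx-loop-name.example"], "A": ["192.0.2.12"]},
    "mail.mx-loop-name.example": {"A": ["127.0.0.1"]},
    "good.example": {"MX": ["mail.good.example"]},
    "mail.good.example": {"A": ["192.0.2.25"]},
    "a-only.example": {"A": ["192.0.2.30"]},
    "dead.example": {"A": ["127.0.0.1"]},
}

def is_ipv4(value):
    """True if the MX target is a dotted-quad IP literal rather than a name."""
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def a_ok(name):
    """True if name has an A record other than 127.0.0.1."""
    return any(ip != LOOPBACK for ip in ZONE.get(name, {}).get("A", []))

def sender_passes(domain, fixed):
    """fixed=False: behaviour as described; fixed=True: with both proposed fixes."""
    mx_targets = ZONE.get(domain, {}).get("MX", [])
    for target in mx_targets:
        if is_ipv4(target):
            # IP literal in an MX is tolerated; the fix rejects loopback.
            if not fixed or target != LOOPBACK:
                return True
        elif a_ok(target):
            return True
    if fixed and mx_targets:
        # An MX exists, so a sending MTA would not fall back to the domain's A.
        return False
    return a_ok(domain)

if __name__ == "__main__":
    for d in ZONE:
        print(f"{d:28} described={sender_passes(d, False)!s:5} fixed={sender_passes(d, True)}")
```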