On 04/09/2018 09:44 AM, Reindl Harald wrote:


On 09.04.2018 at 16:24, David Jones wrote:
I was wondering if anyone knows of an SA plugin or another method to
determine if the envelope-from domain has a valid MX record that is
listening on TCP port 25.  I don't think it would be a major scorer but
it could be useful in meta rules.

you simply don't want to connect to every innocent MX whose inbound mail is
forged, because for the sake of god you are attacking the victim of
spoofed mails and you are easily part of a distributed DoS when your few
connections back are only a small part

at least combine it with SPF_PASS and let alone domains without SPF


Rspamd is doing this and caching the information in Redis so it doesn't check every single email. I am sure that it's only checking the valid MX once it has passed some basic checks to prevent "attacking the victim of spoofed emails."

--
David Jones
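
An added illustration of the gating and caching discussed in this thread; it is not code from Rspamd, SpamAssassin, or either poster. The class name `MxProbeGate`, the injected `probe` callable, the TTL values and the sample domains are all assumptions constructed for the example.

```python
import time

class MxProbeGate:
    """Gate MX reachability checks on SPF pass and cache the verdict per domain."""

    def __init__(self, probe, ttl_ok=86400, ttl_fail=900, clock=time.monotonic):
        self.probe = probe          # hypothetical callable(domain) -> bool
        self.ttl_ok = ttl_ok        # assumed lifetime of a positive result
        self.ttl_fail = ttl_fail    # shorter lifetime so outages recover quickly
        self.clock = clock
        self.cache = {}             # domain -> (expires_at, reachable)
        self.probes_sent = 0

    def check(self, domain, spf_result):
        domain = domain.rstrip(".").lower()
        # Without SPF pass the envelope-from may be forged; probing would
        # send traffic to the spoofing victim, so do nothing at all.
        if spf_result != "pass":
            return "skipped"
        now = self.clock()
        hit = self.cache.get(domain)
        if hit and hit[0] > now:
            reachable = hit[1]      # served from cache, no connection made
        else:
            reachable = bool(self.probe(domain))
            self.probes_sent += 1
            ttl = self.ttl_ok if reachable else self.ttl_fail
            self.cache[domain] = (now + ttl, reachable)
        return "mx_ok" if reachable else "mx_dead"

def demo():
    """Run constructed sample messages through the gate with a fake probe."""
    now = [0.0]
    live = {"example.org"}          # constructed: domains whose MX answers
    gate = MxProbeGate(lambda d: d in live, clock=lambda: now[0])
    msgs = [("example.org", "pass"), ("example.org", "pass"),
            ("victim.example", "softfail"), ("dead.example", "pass"),
            ("Example.ORG.", "pass")]
    verdicts = [gate.check(d, s) for d, s in msgs]
    return verdicts, gate.probes_sent

if __name__ == "__main__":
    print(demo())
```

In a real deployment `probe` would do the MX lookup and the port 25 connection, and the dictionary would be a shared store such as Redis.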
