ietf-asrg
[Top] [All Lists]

Re: [Asrg] whitelisting server and not users

2003-04-02 14:28:01
On Wed, Apr 02, 2003 at 04:06:32PM -0500, Kee Hinckley wrote:
Too many ISPs don't provide reverse DNS to their customers, but do 
allow mail servers.  And many of those that do provide reverse DNS, 
reverse it to their own domain, not the sender's domain.

So what? What do you think is a minor problem:
  - adding a DNS record to the reverse zone
  - installing a new system for user administration and lookups

envelope -> domain -> lookup ip at domain

No, no, no ;-)
In my proposal I want to get rid of all the "I don't want you to be a
mailserver" hosts, i.e.
- workstations that are worm/virus infected
- workstations that are misconfigured and run
  - proxies that nobody knows about
  - SMTP servers that nobody knows about
- hacked DSL users
- thousands of hosts in universities that are not blocked by campus firewalls
- ...

I don't want to look at domain names or email addresses, I just want to
look at IP addresses, like in DNSBLs, but it is a DNSWL and the people
that are in charge of maintaining the reverse zone can whitelist hosts.

I don't accept a "they don't maintain RR zones" as an argument.
Everybody maintains RR zones the one or the other way. Now we could
force them to do it the correct way.

        \Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg