We plan to widely implement greylisting.
For that we want to establish a whitelist of "wellknown" mailservers
to reduce the inpact and spare some useless rejections and time delays.
To build an initial list and to not be *that* dependant on IP addresses
we took some logfiles worth of some million connections and eliminated
all the obvious
dyn-83-157-187-223.ppp.tiscali.fr [83.157.187.223]
200-140-011-028.bsace705.dsl.brasiltelecom.net.br [200.140.11.28]
dsl-201-129-15-54.prod-infinitum.com.mx [201.129.15.54]
[ ... ]
stuff.
However we noticed that even mailserver farms are named as braindamaged
and hierarchy breaking as the example above. Why does it have to be
mail-[0-9][0-9].iinet.net.au
instead of
host[0-9][09-].mail.iinet.net.au
Or
outfbmx___.isp.belgacom.be
mail-relay_.ubc.ca
mx_.uniserve.ca
mx__.bluewin.ch
cernmx__.cern.ch
mta-_s-be-__.sunrise.ch
mail-store-____.amazon.com
smtp-out-____.amazon.com
mail-out_.apple.com
sj-iport-_-in.cisco.com
cnnimail__.cnn.com
siaag___.compuserve.com
mxpool__.ebay.com
mxsmfpool__.ebay.com
fmr__.intel.com
mail__.messagelabs.com
inet-mail_.oracle.com
exprod6mo_.postini.com
this list is endless and even companies that are deeply involved in the
Internet and eMail services and that use the Internet for ages seem to
not know how to do it right.
It would be more correct and so much easier to anti-greylist
.mail.domain.tld
instead of adding 20 records
mail-smtp-01.domainl.tld
...
mail-smtp-20.domainl.tld
Why do they all flaten or reverse the RtoL hierarchy idea of the DNS as
soon as it reaches their own administration?
*sigh*
\Maex
P.S. Yes, I am fully aware of the security implications caused by trusting
information derived from a reverse DNS lookup.
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg