R A Lichtensteiger wrote:
Curtis Maurand wrote:
{Edited to fix top posting}
> R A Lichtensteiger wrote:
>
> > There are a number of fixes, of course:
> >
> >  1a. Separate your outgoing relays from your inbound MX hosts.
> >      Some of the trojans do a PTR lookup on their address, then
> >      an MX query on the forward zone.
> >  1b. Configure your MX hosts to not accept mail from INSIDE your
> >      network and configure your outbound relays to not accept mail
> >      from OUTSIDE your network.
> The problem with 1a and 1b is that some networks won't accept mail from
> non mx hosts.
Curtis,
Are you referring to SPF or to the silliness that Verizon has
implemented? Or something else entirely?
SPF isn't constrained to MXes; you can "announce" any host as a valid
mail relay for your domain.
Verizon's probe back at the MX to see if the username is valid is a
pimple on the ass of the Internet for sure, but the back query would
still work in the above case.
If something else, can you cite? I'm ignorant about who might have
implemented what ...
Reto (Errm ... perhaps off list as we're straying ...)
I get the following from both bellsouth and verizon.
Feb 3 18:33:42 [postfix/smtp] 1F09C203B9A: to=<ALN(_at_)SKYPOINT(_dot_)COM>,
  relay=minuet.skypoint.net[199.86.32.2], delay=52414, status=deferred
  (host minuet.skypoint.net[199.86.32.2] said: 451 4.1.8 Domain of sender
  address apache(_at_)orion(_dot_)xyonet(_dot_)com does not resolve
  (in reply to RCPT TO command))
Feb 3 18:33:42 [postfix/smtp] C4961203EA8: to=<GARDENELF(_at_)VERIZON(_dot_)NET>,
  relay=relay.VERIZON.NET[206.46.170.12], delay=167144, status=deferred
  (host relay.VERIZON.NET[206.46.170.12] said: 450 Unable to find
  orion.xyonet.com (in reply to RCPT TO command))
Both of those messages are the results from an ecommerce system. Both
are sending from a machine that posts via "/usr/sbin/sendmail -t"
instead of making a connection. The relevant section on the source
address of the email:
;; QUESTION SECTION:
;141.141.49.69.in-addr.arpa. IN PTR
;; ANSWER SECTION:
141.141.49.69.in-addr.arpa. 10800 IN PTR orion.xyonet.com.
So you see, mail confirmation of the users' orders gets rejected. I'm
really not keen on making that host forward mail to the real mail host.
Curtis
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
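
Added example (not part of the original thread and not the posters' code): a small Python triage script that scans Postfix smtp log entries for deferrals where the remote host says the sender's domain does not resolve, and groups them by that domain so the misnamed sending host stands out. The log lines, hosts and queue IDs are constructed; the two reply wordings it matches are the ones in the excerpts above, and one log entry per line is assumed.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the Postfix entries quoted above, one
# entry per line; every host, address and queue ID here is a placeholder.
SAMPLE_LOG = """\
Feb 3 18:33:42 [postfix/smtp] 1A2B3C4D5E: to=<alice@dest-a.example>, relay=mx.dest-a.example[192.0.2.10], delay=52414, status=deferred (host mx.dest-a.example[192.0.2.10] said: 451 4.1.8 Domain of sender address apache@web1.shop.example does not resolve (in reply to RCPT TO command))
Feb 3 18:33:42 [postfix/smtp] 2B3C4D5E6F: to=<bob@dest-b.example>, relay=relay.dest-b.example[198.51.100.20], delay=167144, status=deferred (host relay.dest-b.example[198.51.100.20] said: 450 Unable to find WEB1.shop.example (in reply to RCPT TO command))
Feb 3 18:34:01 [postfix/smtp] 3C4D5E6F70: to=<carol@dest-c.example>, relay=none, delay=30, status=deferred (connect to mx.dest-c.example[203.0.113.30]: Connection timed out)
Feb 3 18:34:05 [postfix/smtp] 4D5E6F7081: to=<dave@dest-d.example>, relay=mx.dest-d.example[203.0.113.40], delay=2, status=sent (250 2.0.0 Ok: queued as 5E6F708192)
"""

ENTRY = re.compile(
    r"\[postfix/smtp\] (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>, "
    r"relay=(?P<relay>[^,]+), delay=(?P<delay>\d+), "
    r"status=(?P<status>\w+) \((?P<reason>.*)\)$"
)
# The two reply wordings that appear in the thread's log excerpts.
UNRESOLVED = [
    re.compile(r"Domain of sender address \S+@(\S+) does not resolve"),
    re.compile(r"Unable to find (\S+)"),
]
REPLY_CODE = re.compile(r"said: (\d{3})\b")


def unresolved_sender_deferrals(log_text):
    """Group deferrals caused by an unresolvable sender domain, by domain."""
    by_domain = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.search(line.strip())
        if not m or m["status"] != "deferred":
            continue  # delivered mail and unparsable lines are not of interest
        code = REPLY_CODE.search(m["reason"])
        for pat in UNRESOLVED:
            hit = pat.search(m["reason"])
            if hit and code:  # only count replies that came from the remote host
                by_domain[hit[1].lower().rstrip(".")].append(
                    {"qid": m["qid"], "rcpt": m["rcpt"], "code": int(code[1]),
                     "delay_h": round(int(m["delay"]) / 3600, 1)})
                break
    return dict(by_domain)


if __name__ == "__main__":
    for domain, hits in unresolved_sender_deferrals(SAMPLE_LOG).items():
        print(domain, len(hits), "deferred, oldest",
              max(h["delay_h"] for h in hits), "h")
```

Each domain it reports is a name that receivers could not look up when they checked the envelope sender, so it is the name to compare against the forward DNS zone.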