At 11:09 2005-06-29 +0200, Ruud H.G. van Tol wrote:
> With SMTP-rejecting off, I get a lot of messages with faked From:
> addresses like that. But I only switch SMTP-rejecting off for testing
> purposes. I SMTP-reject Korean IP-space. What kind of messages were
> these ".es and .nl coming from korean IP space"?

Er, SPAM. That was the point of my comment pointing out all the wildly
different origins of the TLDs - much of the stuff I'm seeing isn't even
coming from places one would expect to be legitimate. Yes, automating the
process of determining legitimate IP origins for a domain would be
problematic (esp with so many personal domains and
hosted-from-your-consumer-broadband connection servers not even having IP
delegation).

One could take the TLD and perform a lookup in the appropriate nerd.dk ip
blacklist and see if the relay host IP falls within there. If not, add
some points (again folks, this isn't a positive confirmation unto
itself!). Then, one could perform a DNS lookup of the MX's (which are
admittedly, inbound mail hosts, not necessarily outbound) for the actual
domain in question, and using nerd.dk (or similar), determine what
countries they're assigned to (the 127.0.0.x codes are ISO country codes,
IIRC). If different from the country which the relay host is in, bump up
the points some more (identifying as a probable forgery).

A few others might chill out if they realized that this filtering is for
mail arriving at _my_ mailboxes, not system wide. I don't profess to know
what international communication habits any other user of my systems has.

A higher adoption of SPF would be really spiffy. A standards-based
extension to DNS to publish outbound mail servers for a given domain would
be really nice.

---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
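
The country-mismatch scoring described in the message above, as an added example that is not part of the original post. It assumes a `zz.countries.nerd.dk`-style zone whose answer `127.0.hi.lo` encodes the ISO 3166 numeric country code as `hi*256 + lo`; the point values, function names and resolver stubs are hypothetical, and the sample answers are constructed for documentation address ranges so the code runs offline.

```python
import ipaddress

ZONE = "zz.countries.nerd.dk"  # assumed zone name; answers assumed to be 127.0.hi.lo
# ISO 3166-1 numeric codes for a few ccTLDs (subset for the example).
CCTLD_NUMERIC = {"es": 724, "nl": 528, "kr": 410}

def query_name(ip):
    """Build the DNSBL-style query name: reversed IPv4 octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + ZONE

def decode_country(answer):
    """127.0.hi.lo -> hi*256 + lo, or None when there is no usable answer."""
    if answer is None:
        return None
    a, b, hi, lo = (int(x) for x in answer.split("."))
    return hi * 256 + lo if (a, b) == (127, 0) else None

def country_of(ip, lookup_a):
    return decode_country(lookup_a(query_name(ip)))

def forgery_score(sender_domain, relay_ip, lookup_a, lookup_mx_ips):
    """Return (points, reasons); points are a hint, never a verdict."""
    points, reasons = 0, []
    relay_cc = country_of(relay_ip, lookup_a)
    if relay_cc is None:
        return points, ["relay country unknown, no score"]
    tld = sender_domain.rsplit(".", 1)[-1].lower()
    expected = CCTLD_NUMERIC.get(tld)  # None for gTLDs: step skipped
    if expected is not None and relay_cc != expected:
        points += 1  # hypothetical weight
        reasons.append(f"relay in {relay_cc}, .{tld} is {expected}")
    # MX hosts are inbound servers, so a mismatch is only a stronger hint.
    mx_ccs = {country_of(ip, lookup_a) for ip in lookup_mx_ips(sender_domain)}
    mx_ccs.discard(None)
    if mx_ccs and relay_cc not in mx_ccs:
        points += 2  # hypothetical weight
        reasons.append(f"relay in {relay_cc}, MX hosts in {sorted(mx_ccs)}")
    return points, reasons

# Constructed resolver data (documentation address ranges, not real hosts).
FAKE_A = {query_name("203.0.113.7"): "127.0.1.154",   # 410 = KR
          query_name("192.0.2.25"): "127.0.2.16",     # 528 = NL
          query_name("198.51.100.9"): "127.0.2.16"}   # 528 = NL
FAKE_MX = {"example.nl": ["192.0.2.25"]}

def demo():
    a, mx = FAKE_A.get, lambda d: FAKE_MX.get(d, [])
    return (forgery_score("example.nl", "203.0.113.7", a, mx),
            forgery_score("example.nl", "198.51.100.9", a, mx))
```

In a live filter the two stubs would be replaced by real A and MX lookups, and the returned points added to whatever other spam scoring the recipient already applies.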