
Reasons spammers like .biz? [was RE: time for INFO_TLD?]
I found the NANOG thread where I remembered seeing the
information about .biz and constantly changing DNS:

http://www.merit.edu/mail.archives/nanog/2003-10/msg00438.html

Read through the various followups.

--
Keith C. Ivey <kcivey@cpcug.org>
Washington, DC
Re: Reasons spammers like .biz? [was RE: time for INFO_TLD?]
At 07:44 AM 2/25/2004, Keith C. Ivey wrote:
>I found the NANOG thread where I remembered seeing the
>information about .biz and constantly changing DNS:
>
>http://www.merit.edu/mail.archives/nanog/2003-10/msg00438.html
>
>Read through the various followups.

OK, if I understand correctly, what's going on is this:

1. Spammers are setting up DNS records with very short expiration times (a
matter of minutes), similar to dyndns.org, in order to move/disguise their
web/email servers.
2. They are also moving their authoritative DNS servers around in order to
prevent their DNS being blocked.

#1 could be done in any TLD
#2 is made easier by .biz allowing changes within hours instead of days.

Is this right?


Kelson Vibber
SpeedGate Communications <www.speed.net>
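The two behaviours summarised above (very short TTLs and churning authoritative servers) can be spotted from passive resolver observations. The following is an added example written for this archive page, not code from anyone in the thread: it runs over a constructed table of DNS answers (names under .example and RFC 5737 documentation addresses, all invented) and flags names whose records carry TTLs of a few minutes or whose A/NS data keeps changing between lookups. The thresholds are assumptions chosen to match "a matter of minutes".

```python
"""Flag fast-flux style DNS behaviour from recorded resolver answers (offline)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    name: str      # owner name that was queried
    rtype: str     # record type observed, "A" or "NS"
    ttl: int       # TTL carried in the answer, in seconds
    rdata: str     # address (A) or nameserver name (NS)
    seen_at: int   # when the answer was seen, epoch seconds (constructed)


# Assumption: a TTL at or below five minutes is "a matter of minutes".
SHORT_TTL = 300
# Assumption: three or more distinct answers for one name/type is churn.
CHURN_THRESHOLD = 3


def analyse(observations, short_ttl=SHORT_TTL, churn_threshold=CHURN_THRESHOLD):
    """Group answers by (name, type) and return {name: [finding, ...]}.

    A finding is emitted for a minimum TTL at or below short_ttl, and for
    at least churn_threshold distinct rdata values seen for the same record.
    Names with no findings are absent from the result.
    """
    by_key = defaultdict(list)
    for obs in observations:
        by_key[(obs.name, obs.rtype)].append(obs)

    findings = defaultdict(list)
    for (name, rtype), group in by_key.items():
        group.sort(key=lambda o: o.seen_at)
        min_ttl = min(o.ttl for o in group)
        if min_ttl <= short_ttl:
            findings[name].append(f"{rtype} TTL as low as {min_ttl}s")
        distinct = {o.rdata for o in group}
        if len(distinct) >= churn_threshold:
            findings[name].append(
                f"{len(distinct)} distinct {rtype} rdata over {len(group)} lookups")
    return dict(findings)


def suspicious_names(observations):
    """Names showing both a short TTL and churn for at least one record type."""
    result = set()
    for name, notes in analyse(observations).items():
        has_ttl = any("TTL as low as" in n for n in notes)
        has_churn = any("distinct" in n for n in notes)
        if has_ttl and has_churn:
            result.add(name)
    return result


# Constructed sample: one name moving its web host and nameservers every
# few minutes, one ordinary name with day-long TTLs and stable data.
SAMPLE = [
    Observation("flux.example", "A", 120, "192.0.2.10", 0),
    Observation("flux.example", "A", 120, "192.0.2.77", 600),
    Observation("flux.example", "A", 90, "198.51.100.5", 1200),
    Observation("flux.example", "A", 120, "203.0.113.42", 1800),
    Observation("flux.example", "NS", 300, "ns1.flux.example", 0),
    Observation("flux.example", "NS", 300, "ns7.other.example", 3600),
    Observation("flux.example", "NS", 300, "ns2.third.example", 7200),
    Observation("steady.example", "A", 86400, "192.0.2.200", 0),
    Observation("steady.example", "A", 86400, "192.0.2.200", 3600),
    Observation("steady.example", "NS", 172800, "ns1.steady.example", 0),
]

if __name__ == "__main__":
    for name, notes in analyse(SAMPLE).items():
        print(name)
        for note in notes:
            print("  -", note)
    print("suspicious:", sorted(suspicious_names(SAMPLE)))
```

Point 1 of the summary shows up as the TTL finding, point 2 as NS churn; a legitimate site behind a CDN may also use short TTLs, so requiring both signals (as suspicious_names does) keeps the false-positive rate down.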
Re: Reasons spammers like .biz? [was RE: time for INFO_TLD?]
For some time there has been a setting in CommunIGate Pro to only
accept domains that have proper rDNS entries so that the mail server
MUST verify a real rDNS at the SMTP level. That's the only thing that I
can see that will stop invisible domains.

On Feb 25, 2004, at 10:44 AM, Keith C. Ivey wrote:

> I found the NANOG thread where I remembered seeing the
> information about .biz and constantly changing DNS:
>
> http://www.merit.edu/mail.archives/nanog/2003-10/msg00438.html
>
> Read through the various followups.
>
> --
> Keith C. Ivey <kcivey@cpcug.org>
> Washington, DC
>
>

Kindest regards,

Ron

"What shall we do? What shall we do?" he cried, "Escaping goblins to be
caught by wolves!" - Bilbo Baggins

The Hobbit by J. R. R. Tolkien
http://www.apple.com/trailers/newline/returnoftheking/trailer_large.html
Re: Reasons spammers like .biz? [was RE: time for INFO_TLD?]
On Wed, 25 Feb 2004, codger wrote:

> For some time there has been a setting in CommunIGate Pro to only
> accept domains that have proper rDNS entries so that the mail server
> MUST verify a real rDNS at the SMTP level. That's the only thing that I
> can see that will stop invisible domains.
>
For what it's worth, I use the following lines in sendmail.mc to weed out
problem domains. I now just discard the emails that trigger the rules, but
I left in the commented-out reject notices if you want to be nice... Note
that these lines must not wrap in sendmail.mc.

dnl
dnl Rules keyed on the client_resolve macro, which sendmail sets after its
dnl PTR lookup of the connecting client:
dnl   OK      the PTR name resolves back to the client address
dnl   FAIL    no PTR record / hostname lookup failed
dnl   FORGED  the PTR name exists but does not resolve back to the client
dnl   TEMP    temporary DNS failure
dnl Fields on each R line are separated by tabs, and no line may wrap.
LOCAL_RULESETS
SLocal_check_relay
R$*	$: $&{client_resolve}
RTEMP	$#discard $: discard
RFORGED	$#discard $: discard
RFAIL	$#discard $: discard
dnl
dnl Alternative: reject with a 550 instead of silently discarding.
dnl RTEMP	$#error $@ 5.7.1 $: "550 Access Denied ; Incomplete DNS. Cannot resolve PTR record for "$&{client_addr}" Please have your system administrator correct the zone entries."
dnl RFORGED	$#error $@ 5.7.1 $: "550 Access Denied ; Incomplete DNS. IP name possibly forged " $&{client_name}" Please have your system administrator correct the zone entries."
dnl RFAIL	$#error $@ 5.7.1 $: "550 Access Denied ; Incomplete DNS. Hostname lookup failed for " $&{client_name}" please have your system administrator correct the zone entries."
dnl

--
Gerry

"The lyfe so short, the craft so long to learne" Chaucer
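The sendmail rules above act on the four values sendmail stores in ${client_resolve} after doing a forward-confirmed reverse DNS check on the connecting client. The following added example (written for this page, not code posted in the thread or part of sendmail or CommuniGate Pro) reproduces that classification in Python against a constructed in-memory resolver, so it runs offline, and then applies the same discard-or-reject policy Gerry's ruleset expresses. Treating a temporary failure of the forward lookup as TEMP is an assumption made here for simplicity.

```python
"""Forward-confirmed reverse DNS (FCrDNS) classification, sendmail style.

Result strings mirror sendmail's ${client_resolve} macro: OK, FAIL, FORGED, TEMP.
The resolver is a constructed lookup table, not a live DNS client.
"""


class TempFail(Exception):
    """A lookup that could not complete (SERVFAIL, timeout)."""


class TableResolver:
    """Constructed stand-in for a DNS resolver: PTR and A data in dicts."""

    def __init__(self, ptr, a, tempfail=()):
        self.ptr = ptr                  # client address -> list of PTR names
        self.a = a                      # hostname -> list of A addresses
        self.tempfail = set(tempfail)   # keys that answer with a temporary error

    def reverse(self, addr):
        if addr in self.tempfail:
            raise TempFail(addr)
        return self.ptr.get(addr, [])

    def forward(self, name):
        if name in self.tempfail:
            raise TempFail(name)
        return self.a.get(name, [])


def client_resolve(resolver, client_addr):
    """Classify client_addr as OK, FAIL, FORGED or TEMP.

    FAIL:   no PTR record for the address.
    FORGED: a PTR name exists, but none of its A records point back at the address.
    TEMP:   the reverse lookup (or, by assumption here, a forward lookup) temp-failed.
    OK:     at least one PTR name resolves back to the client address.
    """
    try:
        names = resolver.reverse(client_addr)
    except TempFail:
        return "TEMP"
    if not names:
        return "FAIL"
    for name in names:
        try:
            addrs = resolver.forward(name)
        except TempFail:
            return "TEMP"   # assumption: treat forward temp-failure as TEMP
        if client_addr in addrs:
            return "OK"
    return "FORGED"


def policy(status, reject=False):
    """Gerry's ruleset: TEMP, FORGED and FAIL are discarded (or rejected with
    a 550 when the commented-out alternative is enabled); OK is accepted."""
    if status == "OK":
        return "accept"
    return "reject 550 5.7.1" if reject else "discard"


def check_clients(resolver, addrs, reject=False):
    """Return {addr: (client_resolve value, action)} for a batch of clients."""
    return {a: (s, policy(s, reject)) for a in addrs for s in [client_resolve(resolver, a)]}


# Constructed zone data using RFC 5737 documentation addresses.
RESOLVER = TableResolver(
    ptr={
        "192.0.2.10": ["mail.good.example"],    # PTR and A agree -> OK
        "192.0.2.20": ["mail.good.example"],    # claims a name that points elsewhere -> FORGED
        "192.0.2.30": ["mx.multi.example"],     # one of several A records matches -> OK
    },
    a={
        "mail.good.example": ["192.0.2.10"],
        "mx.multi.example": ["198.51.100.1", "192.0.2.30"],
    },
    tempfail={"192.0.2.40"},                    # resolver answers SERVFAIL -> TEMP
)
CLIENTS = ["192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40", "192.0.2.50"]

if __name__ == "__main__":
    for addr, (status, action) in check_clients(RESOLVER, CLIENTS).items():
        print(f"{addr:<12} {status:<7} {action}")
```

Note that the check only confirms the connecting host's identity; it says nothing about the domains in the message itself, which is why the thread's point about "invisible" domains is about traceability rather than spam filtering as such.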
Re: Reasons spammers like .biz?
codger <lists@pmbx.net> writes:

> For some time there has been a setting in CommunIGate Pro to only
> accept domains that have proper rDNS entries so that the mail server
> MUST verify a real rDNS at the SMTP level. That's the only thing that I
> can see that will stop invisible domains.

Hello,
This was discussed several times, for example, in
Russian newsgroups. It was concluded that rejecting
domains without rDNS entries will block some spam, but
it will also cause too many false positives.
Eugene

--
Spammers, send me mail here: kaede.news@online.ru, akrosum@yahoo.com
Re: Reasons spammers like .biz?
The rDNS is not intended to block spam per se but to keep spammers from
being hidden, as the article quoted in the original post discussed. I
didn't mean to reopen the rDNS debate at all. I meant merely to state that
spammers who 'hide' from traceroute and whois (as that article
discussed) can't do so when an rDNS check is done during SMTP at the mail server
level. That should make this ploy of being 'invisible' to those methods
of spammer discovery essentially useless, if I'm reading that article
correctly.

Original article:
http://www.merit.edu/mail.archives/nanog/2003-10/msg00438.html

On Feb 26, 2004, at 1:25 AM, Eugene Morozov wrote:

> codger <lists@pmbx.net> writes:
>
>> For some time there has been a setting in CommunIGate Pro to only
>> accept domains that have proper rDNS entries so that the mail server
>> MUST verify a real rDNS at the SMTP level. That's the only thing that I
>> can see that will stop invisible domains.
>
> Hello,
> This was discussed several times, for example, in
> Russian newsgroups. It was concluded that rejecting
> domains without rDNS entries will block some spam, but
> it will also cause too many false positives.
> Eugene
>
> --
> Spammers, send me mail here: kaede.news@online.ru, akrosum@yahoo.com
>
>

Kindest regards,

Ron

"What shall we do? What shall we do?" he cried, "Escaping goblins to be
caught by wolves!" - Bilbo Baggins

The Hobbit by J. R. R. Tolkien
http://www.apple.com/trailers/newline/returnoftheking/trailer_large.html