Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6}

from [Jamie Riden] Network Security [Permanent Link]
Subject: Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6}
Date: Tue, 17 Oct 2006 14:20:24 +1300
On 14/10/06, Paul Schmehl <pauls@utdallas.edu> wrote: 
--On October 13, 2006 10:46:34 PM -0400 Valdis.Kletnieks@vt.edu wrote:

> On Mon, 09 Oct 2006 13:33:12 CDT, Paul Schmehl said:
>
> (Digging out from a long week of other stuff, sorry for the late
> response)
>
>> Its purpose is to reject *all* mail from bogus MTAs - dialups,
>> misconifigured servers, MTAs that aren't registered in the domains' DNS
>> as a "legal" MX, MTAs that don't reverse properly, etc., etc.  If the
>> email is
>
> "mta that aren't registered in the DNS as a "legal" MX" - tell me Paul,
> how does that work with any site that's big enough that they run split
> inbound MX and outbound servers?
>
Send me an email at geek@stovebolt.com, and I'll tell you.

I'm not sure what you mean by "split inbound and outbound", but any
outbound MX host *should* be listed in DNS.  You only list one -
smtp.vt.edu.  192.82.162.213 is reversible, so it would get points for
being honest about its IP/hostname, but it would lose points for not being
listed in DNS as an MX.  The overall score would determine if the mail was
rejected, but I doubt that it would be.


Hi Paul,

For example, my old uni used to send outgoing mail from
its-mail1.massey.ac.nz, but MXs are mu-relay{1,2}.massey.ac.nz. The
only place that its-mail1 gets mentioned in the DNS is in the SPF
record, not MX. Presumably that's what you meant by 'outbound MX
host'?

cheers,
Jamie
--
Jamie Riden, CISSP / jamesr@europe.com / jamie.riden@gmail.com
NZ Honeynet project - http://www.nz-honeynet.org/

------------------------------------------------------------------------------
This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas. World renowned security experts reveal tomorrow's threats today. Free of vendor pitches, the Briefings are designed to be pragmatic regardless of your security environment. Featuring 36 hands-on training courses and 10 conference tracks, networking opportunities with over 2,500 delegates from 40+ nations. 

http://www.blackhat.com
------------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6}, Valdis . Kletnieks
Next by Date:  Re: Massive SPAM Increase {-2.6} {-2.6}, Steve Friedl
Previous by Thread:  RE: Massive SPAM Increase, Vince Valenti
Next by Thread:  Re: Massive SPAM Increase, jim barchuk
Indexes:  [Date] [Thread] [Top] [All Lists]