Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: educating rDNS violators

from [Chris Olave] Network Security [Permanent Link]
Subject: Re: educating rDNS violators
Date: Mon, 23 Aug 2004 20:21:17 -0700 
Our previous mail server setup included refusing all messages coming from
non-resolvable IP addresses.  We had toyed with the idea of imposing a full
DNS check (forward to reverse matching reverse to forward), however we
decided that it refused too much potentially-legit mail, we only allowed it
for about a half hour.

We had the rDNS requirement imposed for about two years and never had a
problem with it.  Friends and family emailing our customers would get a
customized refusal saying "hostname lookup failed"; they seemlessly would
forward it on to their provider who would eventually fix the problem.  We
imposed this restriction and noticed a fair amount of junkmail missing from
our inboxes the next morning.

Another way to catch a fair amount of spam is to require that the "From:"
addresses on messages be MX-able.  This will only catch the small bit of
spam that hasn't caught up to the rest of the world (using fake domains).
Newer spam methods include using a fake address "@yourdomain.com"; you could
write a ruleset that will check to see if the "From:" is a valid local user
(only if it's a local domain, obviously) and refuse to deliver the message
based on the "From:" not being a true local user.  This will catch a fair
amount of spam as well.

Have you looked into using services such as the MAPS RBL, DUL or other
lists?  We used these for a while and they seem to catch a good amount, but
not nearly enough spam.

We eventually decided to go with a "middle-man" mail filter.  We pointed our
MX records to the filter then the filter would forward mail to our SMTP
server.  Then we had the problem of spammers directly delivering mail to our
server (ignoring MX).  Then we had to impose restrictions for our mail
filter to be "OK" to deliver mail but no one else.  We are soon going to be
changing our refusal message from "Access denied" to "Please honor our MX
records and we'll accept your mail."

Our customers have not voiced any kind of displeasure.  If they do, we will
simply have to tell them the remote end needs to honor our MX records;
servers not abiding by it are not abiding by SMTP protocol in which case
there's probably a reason they are trying to bypass the filter.


Good luck!

----- Original Message ----- 
From: <SMiller@unimin.com>
To: <security-basics@securityfocus.com>
Sent: Wednesday, August 18, 2004 2:49 PM
Subject: educating rDNS violators



Our mail administration group recently implemented blocking of all

incoming

messages from domains that cannot be resolved via reverseDNS, for purposes
of spam prevention.  Of course, there are quite a number of legitimate
business contacts who do not have rDNS properly configured.  Assuming that
the rDNS criterion remains, the question becomes one of who will notify
and/or educate the sender(s) about this issue.  The only time-efficient

way

that I can think of to do this would be to have instructions and

references

in the body of the bounce message itself.  Anyone tried that?  Results?
Other suggestions?  Thanks in advance.

Scott


--------------------------------------------------------------------------

-

Computer Forensics Training at the InfoSec Institute. All of our class

sizes

are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills

of

a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.



http://www.securityfocus.com/sponsor/InfoSecInstitute_security-basics_040817

--------------------------------------------------------------------------

--





---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: educating rDNS violators, JGrimshaw
Next by Date:  RE: Securing web site with redundancy ?, Ivan Groenewald
Previous by Thread:  Re: educating rDNS violators, Bryan S. Sampsel
Next by Thread:  Re: educating rDNS violators, Eric Brown
Indexes:  [Date] [Thread] [Top] [All Lists]