Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: educating rDNS violators]

from [LordInfidel] Network Security [Permanent Link]
Subject: RE: educating rDNS violators]
Date: Mon, 27 Sep 2004 10:05:24 -0400 
point of clarification......

when you or a server connects to a smtp server, regardless of the intent,
the HELO (or EHLO for extended HELO) must be issued.  It is the same as a
SYN packet.

So when the RFC talks rejecting connections it is assuming that the HELO
command has been issued.  The HELO(EHLO) command is  the first step of
communication between mail servers and is how each server initially
identifies themselves.  This is where the smtp server get's the IP address
and or FQDN of the client.  (I use the term client because it is a
client/server connection, the sending smtp server is the client in this
scenario)

So the RFC does apply when talking about rejecting connections since all
smtp transmissions occur via HELO(EHLO).

-----Original Message-----
From: Pat Moffitt [mailto:pmoffitt@wrv.com]
Sent: Thursday, September 23, 2004 5:19 PM
To: security-basics@securityfocus.com
Subject: [RE: educating rDNS violators]



I am not attempting to verify the HELO Command.  I am attempting to verify
the 
IP Address of the system that is trying to make the SMTP connection.  As
such, 
this section of the RFC does not apply.  I see nothing in this RFC that
applies 
to using RDNS to reject mail connections, only on using RDNS to verify HELO 
commands.

Pat Moffitt
MIS Administrator
Western Recreational Vehicles, Inc.


-------- Original Message --------
Subject: RE: educating rDNS violators
Date: Tue, 31 Aug 2004 13:35:34 -0400
From: LordInfidel@directionweb.com
To: 'Derek Schaible' <dschaible@cssiinc.com>,   Niek <niek@packetstorm.nu>
CC: security-basics@securityfocus.com

[snip - to supply the relevent part of the message]

6. Section 5.2.5 of rfc1123 covers this quite explicitly.  Rejecting mail
based on RDNS ~~~***VIOLATES***~~~ the RFC:
http://www.faqs.org/rfcs/rfc1123.html

5.2.5  HELO Command: RFC-821 Section 3.5

[snip]
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • RE: educating rDNS violators], LordInfidel <=
Previous by Date:  RE: REMOTE sql Server Access, Sarbjit Singh Gill
Next by Date:  Re: Password Cracking, Anirudhya Mitra
Previous by Thread:  [RE: educating rDNS violators], Pat Moffitt
Next by Thread:  Where does ICF store it`s ACL ?, Strcpy
Indexes:  [Date] [Thread] [Top] [All Lists]