Incidents
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 16 2006 06:29AM
Paul Schmehl (pauls utdallas edu)
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 16 2006 02:04PM
Valdis Kletnieks vt edu
On Mon, 16 Oct 2006 02:29:56 EDT, you said:
> I'm not sure what you mean by "split inbound and outbound", but any
> outbound MX host *should* be listed in DNS.

Again.. what is this "outbound MX" stuff? Can you point at *any* RFC
that defines it?

> You only list one -
> smtp.vt.edu.

Exactly, because that's the only place that you *should* try to send mail
to if you expect it to get to an @vt.edu address. If we listed our main
outbound server, and the load-balanced inbound farm was down for some reason,
you'd be trying to send mail to our outbound server, which won't work because
it's an *outbound* server.

> 192.82.162.213 is reversible, so it would get points for
> being honest about its IP/hostname, but it would lose points for not being
> listed in DNS as an MX.

You're missing the point, very badly.

The *vast majority* of larger sites do this, and do not list their outbound
servers in their MX list. See AOL, MSN, Yahoo, GMail, and pretty much everybody
else who's running enough mail to need a separate outbound server.

Then go re-read RFC974, which discusses the use of DNS in mail routing.
Specifically, this section:

   What the Domain Servers Know

   The domain servers store information as a series of resource records
   (RRs), each of which contains a particular piece of information about
   a given domain name (which is usually, but not always, a host). The
   simplest way to think of a RR is as a typed pair of datum, a domain
   name matched with relevant data, and stored with some additional type
   information to help systems determine when the RR is relevant. For
   the purposes of message routing, the system stores RRs known as MX
   RRs. Each MX matches a domain name with two pieces of data, a
   preference value (an unsigned 16-bit integer), and the name of a
   host. The preference number is used to indicate in what order the
   mailer should attempt deliver to the MX hosts, with the lowest
   numbered MX being the one to try first. Multiple MXs with the same
   preference are permitted and have the same priority.

OK. Got that? An MX is *A HOST YOU SEND MAIL TO*. It's *NOT* a host that
sends *you* mail. If sites were *expected* to list hosts that *send* mail
in their MX list, why would we need any of the SPF variants? You wouldn't -
the whole reason for SPF to exist is to tag *OUTBOUND* servers because the
outbound list is different from the inbound list.

So the end result is that you're asking the DNS a meaningless question, and
getting back an answer that will probably apply to the majority of *legitimate*
mail, and adding that in. Why don't you just save the DNS lookup and just
add 0.75 to the score for *all* mail? ;)
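Added example, not part of the message above or of any poster's code: it contrasts the "is the sending IP one of the domain's MX hosts?" scoring rule discussed in the thread with an SPF lookup for a site whose outbound relay is not an MX. The domain example.edu, the host names, the documentation-range addresses and the SPF record are constructed, and the SPF evaluator handles only the ip4, a, mx and all mechanisms.

```python
import ipaddress

# Constructed zone data for a hypothetical site (not taken from the thread).
ZONE = {
    "MX": {"example.edu": [(10, "smtp.example.edu")]},
    "A": {"smtp.example.edu": ["192.0.2.10", "192.0.2.11"],   # inbound farm
          "out.example.edu": ["198.51.100.25"]},              # outbound relay
    "TXT": {"example.edu": ["v=spf1 ip4:198.51.100.0/24 mx -all"]},
}

def mx_addresses(domain):
    """Addresses of the hosts the domain accepts mail ON (RFC 974 MX semantics)."""
    return {ip for _, host in ZONE["MX"].get(domain, [])
            for ip in ZONE["A"].get(host, [])}

def sender_is_listed_mx(domain, client_ip):
    """The scoring rule questioned in the thread: is the sending IP an MX?"""
    return client_ip in mx_addresses(domain)

def spf_check(domain, client_ip):
    """Evaluate a subset of SPF (ip4, a, mx, all) against the constructed zone."""
    record = next((t for t in ZONE["TXT"].get(domain, [])
                   if t.startswith("v=spf1 ")), None)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in results else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = client_ip in ZONE["A"].get(arg or domain, [])
        elif name == "mx":
            matched = client_ip in mx_addresses(arg or domain)
        elif name == "all":
            matched = True
        else:
            return "permerror"   # mechanism outside this example's subset
        if matched:
            return results[qualifier]
    return "neutral"
```

For the constructed outbound relay 198.51.100.25 the MX-membership rule answers False while the SPF check answers "pass"; an address outside the record, such as 203.0.113.7, gets "fail".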
