Re: Massive SPAM Increase {-2.6} {-2.6}



On Mon, Oct 16, 2006 at 02:29:56AM -0400, Paul Schmehl wrote:
> Send me an email at geek@xxxxxxxxxxxxx, and I'll tell you.
>
> I'm not sure what you mean by "split inbound and outbound", but any
> outbound MX host *should* be listed in DNS. You only list one -
> smtp.vt.edu. 192.82.162.213 is reversible, so it would get points for
> being honest about its IP/hostname, but it would lose points for not being
> listed in DNS as an MX. The overall score would determine if the mail was
> rejected, but I doubt that it would be.

Huh?

MX records are only used to describe machines that are able to receive
mail for the given domain: many many sites have farms of mail servers
that do nothing but send mail all day (Example: eBay and all the outbid
notifications you get). There is no requirement that they also receive
mail, and you should never list in MX a machine that won't accept mail.

This whole notion is just totally confused.

Now the question you *want* to ask is a useful one: "is this server
authorized to send mail on behalf of the sender?", but MX is not the
way to answer that question.

SPF is how to answer that question. http://www.openspf.org/

Steve

---
Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561
www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | steve@xxxxxxxxxxx
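
Added example, not part of the original message: a minimal Python sketch contrasting the "is the sender listed as an MX?" test with an SPF evaluation, for a host that only sends mail. The domain `example.org`, its records, the addresses and the function names are all constructed for illustration, and only the `mx`, `a`, `ip4` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed DNS data for a hypothetical domain; these are not real records.
ZONE = {
    "MX": {"example.org": ["mx1.example.org"]},           # inbound host only
    "A": {"mx1.example.org": ["192.0.2.10"],
          "out1.example.org": ["198.51.100.25"]},         # outbound-only sender
    "TXT": {"example.org": "v=spf1 mx ip4:198.51.100.0/24 -all"},
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def mx_ips(domain):
    """IPs of the hosts that RECEIVE mail for the domain (its MX set)."""
    return {ip for host in ZONE["MX"].get(domain, [])
            for ip in ZONE["A"].get(host, [])}

def listed_as_mx(ip, domain):
    """The test from the quoted message: is the sending IP one of the MX hosts?"""
    return ip in mx_ips(domain)

def spf_check(ip, domain):
    """Evaluate a subset of SPF (mx, a, ip4, all) for a connecting IP."""
    terms = ZONE["TXT"].get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"                      # domain publishes no SPF policy
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term[1:] if term[0] in RESULTS else term
        name, _, arg = mech.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            matched = ip in mx_ips(arg or domain)
        elif name == "a":
            matched = ip in ZONE["A"].get(arg or domain, [])
        else:
            continue  # include, exists, ptr, redirect, macros: not in this subset
        if matched:
            return RESULTS[qualifier]      # first matching mechanism decides
    return "neutral"

if __name__ == "__main__":
    for ip in ("198.51.100.25", "192.0.2.10", "203.0.113.7"):
        print(ip, "MX-listed:", listed_as_mx(ip, "example.org"),
              "SPF:", spf_check(ip, "example.org"))
```

The outbound-only address is absent from the MX set yet is authorized by the published policy, while an address outside the policy gets `fail` from the `-all` term.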
