RE: MAIL FROM: <>

From: Mark Medici (mark@dbma.com)
Date: 01/07/02


Date: Mon, 7 Jan 2002 15:09:01 -0500
From: "Mark Medici" <mark@dbma.com>
To: "Octavio / Super" <alvarezp@telnor.net>


> How can I deny all MAIL FROM: <> commands from hosts which
> are not MX for a domain?

You need to provide more information about the environment you're
working with. If you're running MS-Exchange on MS-Windows, I don't
think there's a mechanism available to do this type of checking.

However, if you're in a UNIX environment of some type, depending on
your mailer, you can pass incoming messages through a script that
could parse and validate the mail server name and IP address.

What you're likely to find, however, is that this isn't a workable
solution in the real world. For example, a large company with many
locations will likely have a mail server at each location, and each
server will likely be configured to forward outgoing e-mail directly
to the recipient (this is the most efficient and reliable method).
However, incoming mail is likely to be forced through one or two
"advertised" MX systems for the domain, where it can get checked for
viruses and then re-routed to the proper internal mailbox server
for the specified user. So it's very likely that valid e-mail from
real mail servers would be blocked.

The other problem you'll run into, as we have here using MS-Exchange,
is that some domains don't set up PTR zones for reverse (IP to name)
lookups. In order to verify the incoming machine name you have to
take its IP address and perform a reverse DNS lookup. Then you can
parse this into hostname and domain name, and determine whether you
want to reject mail from the domain (as we tried with MS-Exchange),
or run a script to identify the MX's and attempt to match the server
IP to the MX IP. This will all fail if there are no PTR zones
set up for the server.

It is also very likely that, when PTR zones exist, they contain only
dummy information to avoid possibly giving away information that
might be beneficial to an intruder.

So, while this would be an interesting programming exercise, I don't
think it will achieve the intended results without some significant
problems (i.e., potential lost mail from important customers).

______________________________________________________________________
Mark A. Medici | DBM Associates -=]#[=- Computer Sales and Services
Sr. Systems Eng.| One Salem Square #104W, Whitehouse Station, NJ 08889
mark@dbma.com | Phone: 908-534-1665 Fax: 908-534-1244 www.dbma.com

> -----Original Message-----
> From: Octavio / Super [mailto:alvarezp@telnor.net]
> Sent: Friday, January 04, 2002 5:41 PM
> To: security-basics@securityfocus.com
> Subject: MAIL FROM: <>
>
>
> Hello!
>
> How can I deny all MAIL FROM: <> commands from hosts which
> are not MX for a domain?
>
> Thanks, Octavio.
>
>
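
Added example, not part of the original message: a Python sketch of the check the reply describes (PTR lookup on the client IP, naive split into host and domain, then matching the IP against the domain's MX addresses), showing where it gives a false "not MX" or no answer at all. All DNS data, names and addresses below are constructed, and the three lookup callables are assumptions standing in for a real resolver.

```python
# Constructed DNS data for illustration only (documentation address ranges).
PTR = {"192.0.2.10": "mx1.example.com",      # advertised inbound MX
       "192.0.2.77": "out3.example.com",     # branch server, outbound only
       "203.0.113.9": "host-203-0-113-9.pool.example.net"}  # dummy PTR
MX = {"example.com": ["mx1.example.com", "mx2.example.com"]}
A = {"mx1.example.com": ["192.0.2.10"], "mx2.example.com": ["192.0.2.11"]}


def check_null_sender(client_ip, ptr=PTR.get, mx=MX.get, a=A.get):
    """Classify a client that sent MAIL FROM:<>. Returns (verdict, reason).

    ptr/mx/a are injected lookup callables (hypothetical interface) so the
    logic runs offline; in production they would wrap a DNS resolver.
    """
    host = ptr(client_ip)
    if not host:
        # No PTR zone: there is no name to derive a domain from.
        return ("unverifiable", "no PTR record")
    host = host.rstrip(".").lower()
    labels = host.split(".")
    if len(labels) < 3:
        return ("unverifiable", "PTR name has no host part: " + host)
    # Naive split: first label is the host, the rest is taken as the domain.
    domain = ".".join(labels[1:])
    mx_hosts = mx(domain) or []
    if not mx_hosts:
        # Typical for generic or dummy PTR names.
        return ("unverifiable", "no MX for " + domain)
    mx_ips = {ip for h in mx_hosts for ip in (a(h.rstrip(".").lower()) or [])}
    if client_ip in mx_ips:
        return ("is-mx", host + " is an MX for " + domain)
    # Legitimate outbound-only servers land here too.
    return ("not-mx", host + " is not an MX for " + domain)


def main():
    for ip in ("192.0.2.10", "192.0.2.77", "203.0.113.9", "198.51.100.5"):
        print(ip, *check_null_sender(ip))


if __name__ == "__main__":
    main()
```

Rejecting on "not-mx" would drop bounces from out3.example.com, the outbound-only server case the reply warns about; the "unverifiable" results are the missing and dummy PTR cases.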


