Anti-spam SMTP mods
Kendrick-LUG
kulua at linux2themax.com
Wed Mar 10 00:10:43 CST 2004
Daniel Siemens wrote:
> SBC Yahoo DSL will set up reverse DNS for you if you ask them to do
> it. The first 3 levels of tech support have no idea what you are
> talking about it, but if you are persistent you will get it. I have
> static IP, not dynamic ip though.
>
> You are running servers on dynamic connections? Do you have any
> delays when you IP updates for DNS to correctly adjust? Which
> Dynamic DNS provider are you using? Are they any good?
>
>
>
>
> *From:* owner-kclug at kclug.org on behalf of Jonathan Hutchins
> *Sent:* Tue 3/9/2004 1:58 PM
> *To:* kclug at kclug.org
> *Subject:* Re: Anti-spam SMTP mods
>
> On Tuesday March 9 2004 12:04 pm, Daniel Siemens wrote:
>
> > If all admins would set up reverse DNS...
>
> Not all can. For instance, I can't unless I buy a commercial connection,
> because reverse DNS gives a RR pool hostname. It's bad enough that
> less than
> competent admins are blocking all "dynamic" IP addresses like mine.
>
> Blocking mail where there is _no_ valid reverse DNS is very
> effective. I did
> have that enabled, and when I had to un-block it (per my ISP's
> policies), the
> mail that came in was 100% spam. Some of that still gets by my beysian
> filters for some reason.
>
> I would recommend a combination of requiring that a reverse DNS
> exists, even
> if it doesn't match the server name presented, and using other
> measures like
> scoring mis-matched reverse DNS and dynamic IP addresses.
>
i have whyi.org and they are realy good. he has his servers update
information every 15 minuets if you change ip it only takes 15min max
before every one can find you again unless you are going through a
chache dns server. the banning of dynamic pools is ludicris how ever
doing a dns lookup of the sending system would solve alot of problims
90% of the senders use fake addresses or spoof the sending from part
either way checking to see if the from address works would fix alot how
ever i still say any business related email should come from a server/
personaly digital sighned message. ex rr.com should have a digital
certificate for all mail proceesed through thier servers so if some one
is spaming through rr.com's mail server they just look up the
certificate attached see it is rr.com's and start tracing from there.
if its a real business they culd either get a certificate for the mail
server and/or each person depending on need and it would be easily
tracked that way. no intentonal spam from them. any who dont follow
this could have thier bank account confiscated etc that would cut down
alot on spam problims. it wouldent be to hard from there to track down
where the non signed mail is coming from make it punishable per messag
offence.
there is a place that now does free digital certs for non ecommerce
applications i hope to set it up so that my systems work off of a
digital cert shortly
More information about the Kclug
mailing list