Anti-spam SMTP mods

Kendrick-LUG kulua at linux2themax.com
Wed Mar 10 00:10:43 CST 2004 

Daniel Siemens wrote:

>  SBC Yahoo DSL will set up reverse DNS for you if you ask them to do 
> it.   The first 3 levels of tech support have no idea what you are 
> talking about it, but if you are persistent you will get it.   I have 
> static IP, not dynamic ip though.   
>  
> You are running servers on dynamic connections?   Do you have any 
> delays when you IP updates for DNS to correctly adjust?   Which 
> Dynamic DNS provider are you using?   Are they any good?    
>  
>  
>  
>
> *From:* owner-kclug at kclug.org on behalf of Jonathan Hutchins
> *Sent:* Tue 3/9/2004 1:58 PM
> *To:* kclug at kclug.org
> *Subject:* Re: Anti-spam SMTP mods
>
> On Tuesday March 9 2004 12:04 pm, Daniel Siemens wrote:
>
> > If all admins would set up reverse DNS...
>
> Not all can.  For instance, I can't unless I buy a commercial connection,
> because reverse DNS gives a RR pool hostname.  It's bad enough that 
> less than
> competent admins are blocking all "dynamic" IP addresses like mine.
>
> Blocking mail where there is _no_ valid reverse DNS is very 
> effective.  I did
> have that enabled, and when I had to un-block it (per my ISP's 
> policies), the
> mail that came in was 100% spam.  Some of that still gets by my beysian
> filters for some reason.
>
> I would recommend a combination of requiring that a reverse DNS 
> exists, even
> if it doesn't match the server name presented, and using other 
> measures like
> scoring mis-matched reverse DNS and dynamic IP addresses.
>
i have whyi.org and they are realy good.   he has his servers update 
information every 15 minuets if you change ip it only takes 15min max 
before every one can find you again unless you are going through a 
chache dns server.  the banning of dynamic pools is ludicris how ever 
doing a dns lookup of the sending system would solve alot of problims 
90% of the senders use fake addresses  or spoof  the sending from part 
either way checking to see if the from address works would fix alot  how 
ever i still say any business related email should come from a server/ 
personaly digital sighned message.  ex  rr.com should have a digital 
certificate for all mail proceesed through thier servers so if some one 
is spaming through rr.com's mail server they just look up the 
certificate attached see it is rr.com's and start tracing from there.  
if its a real business they culd either get a certificate for the mail 
server  and/or  each person  depending on need and it would be easily 
tracked that way.  no intentonal spam from them.   any who dont follow 
this could have thier bank account confiscated etc  that would cut down 
alot on spam problims.  it wouldent be to hard from there to track down 
where the non signed mail is coming from make it punishable per messag 
offence.

there is a place that now does free digital certs for non ecommerce 
applications i hope to set it up so that my systems work off of a 
digital cert shortly

More information about the Kclug mailing list