Changes in Version 4.77.10-1
Gary Faith
gafaith at asdm.net
Wed Jun 17 04:31:31 IST 2009
After re-reading your explanation about spoofing, etc., I think I need to
clarify what I was thinking so you can tell me it won't work like that.
:-)
My thoughts were that the system that has a dynamic IP automatically
registers its IP with DynDNS every time the IP address changes so
host.domain.com A {dynamic IP}
is always up pointing to the system. Since the IP changes every time
so does the PTR record making it impossible to base a rule. So I always
know the IP from a forward DNS query (DynDNS) and it will never match
the reverse.
I figured that the sending system would say that I am host.domain.com,
a check of DNS would give the IP address and a comparison would be done
to see if the IP address is the same as the IP that made the connection.
That way I don't need to check the reverse DNS.
Or is it going to blindly accept the name given in the helo/ehlo
handshake and if so, I agree that would be easily spoofable. Am I
thinking this right?
Thanks again,
Gary
>>> Julian Field <MailScanner at ecs.soton.ac.uk> 6/15/2009 3:17 PM >>>
On 15/06/2009 19:28, Julian Field wrote:
>
>
> On 15/06/2009 19:09, Gary Faith wrote:
>> Yes, I have mail being sent from a dynamic IP address with a host
>> name I know but the IP will change. Can you provide a way to turn
>> off the anti-spoof checking? If not now, in future releases?
> I will add a switch for you. But it does make defeating the name
> lookup into a very simple thing for a spammer/attacker to do against
> you.
I have implemented it by you using
host-nocheck:hostname.domain.com
instead of
host:hostname.domain.com
in the condition in a line in a ruleset.
I can see how this might be useful should you be needing to test
against a dynamic IP address, in which case you will have a DNS PTR
record but no DNS A record.
This will hopefully solve your problem nicely.
It will be in the next release.
>> >>> Kai Schaetzl <maillists at conactive.com> 6/14/2009 3:31 AM >>>
>> Julian Field wrote on Sat, 13 Jun 2009 15:41:24 +0100:
>>
>> > Just use the IP addresses instead of the hostnames. Trivial,
>> > surely?
>>
>> But he doesn't know them.
>>
>> Kai
>>
>> --
>> Kai Schätzl, Berlin, Germany
>> Get your web at Conactive Internet Services: http://www.conactive.com
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> Jules
>
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Follow me at twitter.com/JulesFM
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
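The comparison Gary describes above (forward lookup of the known name, compared with the connecting IP), set beside trusting the PTR name or the HELO/EHLO string alone. This is an added Python example, not MailScanner code, and it says nothing about how host: or host-nocheck: are implemented; the function names and the DNS data are constructed for illustration.

```python
import ipaddress
import socket

# Constructed DNS data (documentation address ranges), so the example runs offline.
SAMPLE_A = {"host.domain.com": ["203.0.113.25"]}      # kept current by the dynamic DNS client
SAMPLE_PTR = {"203.0.113.25": "pool-25.isp.example",  # reverse zone belongs to the ISP
              "198.51.100.7": "host.domain.com"}      # PTR set by whoever runs that reverse zone


def sample_forward(name):
    return SAMPLE_A.get(name.lower(), [])


def sample_reverse(ip):
    return SAMPLE_PTR.get(ip)


def system_forward(name):
    """Real forward lookup: every A/AAAA address for name."""
    try:
        return [ai[4][0].split("%")[0] for ai in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []


def system_reverse(ip):
    """Real reverse lookup: PTR name for ip, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def forward_match(client_ip, trusted_name, forward=system_forward):
    """Does the trusted name currently resolve to the connecting IP?"""
    peer = ipaddress.ip_address(client_ip)
    return any(ipaddress.ip_address(a) == peer for a in forward(trusted_name))


def ptr_only_match(client_ip, trusted_name, reverse=system_reverse):
    """Trust the PTR name alone: decided by the owner of the reverse zone."""
    name = reverse(client_ip)
    return name is not None and name.rstrip(".").lower() == trusted_name.lower()


def helo_only_match(helo_name, trusted_name):
    """Trust the HELO/EHLO string alone: the connecting client chooses it."""
    return helo_name.rstrip(".").lower() == trusted_name.lower()
```

With the sample data, the dynamic host at 203.0.113.25 passes only the forward comparison, while 198.51.100.7 passes the PTR-only and HELO-only checks without being the address the name resolves to.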