Home page logo
/

basics logo Security Basics mailing list archives

RE: email address "spoofed"
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 10 Mar 2004 08:22:21 -0800

  A great many ISPs who hand out addresses via DHCP maintain a
set of generic reverse-DNS entries for their scopes.  On the one
hand, this greatly diminishes the value of this lookup as an
anti-spam measure; on the other hand, it avoids the particular
problem you describe.
  A more effective measure employed by several ISPs is to block
outbound SMTP at their borders, except for their own officially
sanctioned email server(s).  This cuts the propagation of viruses
with their own SMTP engine, and use of spam-sending packages with
their own, to virtually nil, and if they don't turn on the reverse
check, they can probably (*safely*) avoid setting up reverse 
records for their DHCP scopes.
  If your ISP allows arbitrary port 25 traffic to the world, but 
won't set up reverse ranges on its DNS servers, maybe you should
evaluate some of their competitors....

David Gillett


-----Original Message-----
From: Aditya, ALD [Aditya Lalit Deshmukh]
[mailto:aditya.deshmukh () online gateway technolabs net]
Sent: Wednesday, March 10, 2004 2:02 AM
To: gillettdavid () fhda edu; hometeam () goeaston net; 'security-basics'
Subject: RE: email address "spoofed"


Note that by now many SMTP servers reject mail unless they 
get *some*
answer on the reverse lookup; few spend much effort 
detecting spoofed 
HELO names, which often are made-up IP addresses or the name of the
receiving server (in hopes of bypassing any relay filters in place).


this is the case of the server on which the openssl mailing 
list run, the server will try to reverse resolve the domain 
if it does not get it responce it simply reject all the mail. 
this is good at cutting spam. but there is a problem who get 
his address assigned on a dhcp lease that expires every 8 
hours, of course all the forward dns records are updates as 
soon as this occurs but the reverse dns my isp refuses to set 
them up. so i have to use some very convuluted method to send 
mail to openssl mailing list.

i think, the server should try to forward resolve the dns 
name that it recieves in helo and if it does not match then 
reject, because setting up the reverse is in the hands of 
whoever controls the dns server. many times this is not 
someone who would setup and update the reverse records 

-aditya


______________________________________________________________
__________
Delivered using the Free Personal Edition of Mailtraq 
(www.mailtraq.com)


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault