Security Incidents mailing list archives

Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6}


From: Valdis.Kletnieks () vt edu
Date: Mon, 16 Oct 2006 10:04:19 -0400

On Mon, 16 Oct 2006 02:29:56 EDT, you said:
> I'm not sure what you mean by "split inbound and outbound", but any
> outbound MX host *should* be listed in DNS.

Again.. what is this "outbound MX" stuff?  Can you point at *any* RFC
that defines it?

> You only list one - smtp.vt.edu.

Exactly, because that's the only place that you *should* try to send mail
to if you expect it to get to an @vt.edu address.  If we listed our main
outbound server, and the load-balanced inbound farm was down for some reason,
you'd be trying to send mail to our outbound server, which won't work because
it's an *outbound* server.

> 192.82.162.213 is reversible, so it would get points for
> being honest about its IP/hostname, but it would lose points for not being
> listed in DNS as an MX.

You're missing the point, very badly.

The *vast majority* of larger sites do this, and do not list their outbound
servers in their MX list.  See AOL, MSN, Yahoo, GMail, and pretty much everybody
else who's running enough mail to need a separate outbound server.

Then go re-read RFC 974, which discusses the use of DNS in mail routing.
Specifically, this section:

What the Domain Servers Know

   The domain servers store information as a series of resource records
   (RRs), each of which contains a particular piece of information about
   a given domain name (which is usually, but not always, a host).  The
   simplest way to think of a RR is as a typed pair of datum, a domain
   name matched with relevant data, and stored with some additional type
   information to help systems determine when the RR is relevant.  For
   the purposes of message routing, the system stores RRs known as MX
   RRs. Each MX matches a domain name with two pieces of data, a
   preference value (an unsigned 16-bit integer), and the name of a
   host.  The preference number is used to indicate in what order the
   mailer should attempt deliver to the MX hosts, with the lowest
   numbered MX being the one to try first.  Multiple MXs with the same
   preference are permitted and have the same priority.

OK. Got that? An MX is *A HOST YOU SEND MAIL TO*. It's *NOT* a host that
sends *you* mail.  If sites were *expected* to list hosts that *send* mail
in their MX list, why would we need any of the SPF variants?  You wouldn't -
the whole reason for SPF to exist is to tag *OUTBOUND* servers because the
outbound list is different from the inbound list.

So the end result is that you're asking the DNS a meaningless question, and
getting back an answer that will probably apply to the majority of *legitimate*
mail, and adding that in.  Why don't you just save the DNS lookup and just
add 0.75 to the score for *all* mail? ;)
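The two different DNS questions argued over above, as an added example that is not part of the original message and not code from either poster. It runs against a constructed, offline stand-in for DNS: only vt.edu, smtp.vt.edu and the address 192.82.162.213 come from the thread; the inbound farm address, the SPF record for vt.edu, and the domains small.example and nomx.example with all their records are assumptions made up for the demonstration. delivery_targets() answers what RFC 974 MX records are for (where to deliver mail *to* a domain, lowest preference first, falling back to the A record when there is no MX); sender_is_listed_mx() is the heuristic the other poster proposed (is the connecting IP one of the sender domain's MX hosts?); spf_check() is a minimal SPF evaluator (ip4, a, mx and all mechanisms only) for the record that actually describes a domain's outbound hosts.

```python
"""Added example (not from the original post): MX answers "where do I send
mail TO this domain"; SPF answers "which hosts may send mail FROM it".
All zone data below is a constructed stand-in for real DNS answers.
"""
import ipaddress

# Constructed zone data (assumption). vt.edu: separate inbound farm and
# outbound server, as described in the thread; the SPF record is invented.
# small.example: one pair of hosts that both receive and send.
# nomx.example: no MX record at all.
ZONE = {
    ("vt.edu", "MX"): [(10, "smtp.vt.edu")],
    ("smtp.vt.edu", "A"): ["192.0.2.10"],                    # assumed inbound farm VIP
    ("vt.edu", "TXT"): ["v=spf1 ip4:192.82.162.0/24 -all"],  # hypothetical SPF record
    ("small.example", "MX"): [(20, "backup.small.example"), (10, "mail.small.example")],
    ("mail.small.example", "A"): ["198.51.100.5"],
    ("backup.small.example", "A"): ["198.51.100.6"],
    ("small.example", "TXT"): ["v=spf1 mx -all"],
    ("nomx.example", "A"): ["203.0.113.7"],
}


def lookup(name, rtype):
    """Stand-in resolver over ZONE; an empty list plays NXDOMAIN/NODATA."""
    return ZONE.get((name.lower().rstrip("."), rtype), [])


def delivery_targets(domain):
    """RFC 974 routing: hosts to try when delivering mail TO `domain`,
    lowest preference first (equal preferences keep equal priority; a real
    MTA randomises among them). No MX at all falls back to the domain's
    own A record (the implicit-MX rule of RFC 974 / RFC 5321)."""
    mx = lookup(domain, "MX")
    if not mx:
        return [domain] if lookup(domain, "A") else []
    return [host for _pref, host in sorted(mx, key=lambda rr: rr[0])]


def sender_is_listed_mx(domain, ip):
    """The heuristic proposed in the thread: is the connecting IP one of the
    sender domain's *inbound* (MX) hosts? True only when the same box
    receives and sends; False for any site with a separate outbound server."""
    for host in delivery_targets(domain):
        if ip in lookup(host, "A"):
            return True
    return False


def spf_check(domain, ip):
    """Minimal SPF (RFC 7208) evaluation: ip4 / a / mx / all mechanisms only,
    no include, redirect or macros. Returns 'pass', 'fail', 'softfail',
    'neutral', or 'none' when the domain publishes no SPF record."""
    records = [t for t in lookup(domain, "TXT") if t.startswith("v=spf1")]
    if not records:
        return "none"
    addr = ipaddress.ip_address(ip)
    qualifier = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in records[0].split()[1:]:
        q = "+"
        if term[0] in qualifier:
            q, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return qualifier[q]
        if mech == "ip4" and addr in ipaddress.ip_network(arg, strict=False):
            return qualifier[q]
        if mech == "a" and ip in lookup(arg or domain, "A"):
            return qualifier[q]
        # The SPF 'mx' mechanism is exactly the other poster's check, but only
        # applied where the domain owner has opted in by publishing it.
        if mech == "mx" and sender_is_listed_mx(arg or domain, ip):
            return qualifier[q]
    return "neutral"  # no mechanism matched and no 'all' term


def compare(domain, ip):
    """Both questions for one connecting IP claiming to send for `domain`."""
    return {
        "deliver_to": delivery_targets(domain),
        "sender_listed_as_mx": sender_is_listed_mx(domain, ip),
        "spf": spf_check(domain, ip),
    }


if __name__ == "__main__":
    # vt.edu's outbound server: not an MX, yet passes the (assumed) SPF record.
    print("vt.edu outbound  ", compare("vt.edu", "192.82.162.213"))
    # vt.edu's inbound farm: it IS the MX, yet would fail SPF as a sender.
    print("vt.edu inbound   ", compare("vt.edu", "192.0.2.10"))
    # Small site where one host does both jobs: both checks agree.
    print("small.example    ", compare("small.example", "198.51.100.5"))
    # No MX at all: implicit MX to the A record.
    print("nomx.example     ", compare("nomx.example", "203.0.113.7"))
```

The interesting rows are the first two: the host that legitimately sends vt.edu mail is not in the MX list, while the host that is in the MX list would fail SPF if it ever tried to send. That is the mismatch the message describes, and it is why a score based on "sender is an MX" only tells you whether the sending site is small enough to run one box.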
