Re: [exim] Exim server behind NAT router (and HELO)

Author: Exim User's Mailing List
Date:  
To: Richard Clayton
CC: Exim User's Mailing List
Subject: Re: [exim] Exim server behind NAT router (and HELO)
[ On Wednesday, March 23, 2005 at 14:46:15 (+0000), Richard Clayton wrote: ]
> Subject: Re: [exim] Exim server behind NAT router (and HELO)
>
> You'll also find (if entirely bored) that the in-addr.arpa value doesn't
> mention highwayman.com ... but that sort of mismatch is hardly unusual
> for any machine and getting anal about that is going to reduce your
> circle of friends quite considerably :(


Well once again it's all about trust, isn't it.

In the DNS the meager trust available comes from comparing the results
of lookups within two separate zones of authority. In this case the
names clearly do not match so no trust can be granted and the hostname
must not be assumed to be valid. Any number of many possible attacks
could have delivered this apparently bogus information to my nameserver.

$ host -v -A mail.highwayman.com
Query about mail.highwayman.com for record types A
Found 1 address for host mail.highwayman.com
Hostname mail.highwayman.com maps to address 80.177.121.10
Checking mail.highwayman.com address 80.177.121.10
*** mail.highwayman.com address 80.177.121.10 maps to hostname happyday.demon.co.uk
*** Hostname mail.highwayman.com does not belong to address 80.177.121.10
*** Not all addresses for hostname mail.highwayman.com have a matching hostname.


Personally I like to be as certain of the validity of the hostnames as
is possible, especially when it comes to handling such a highly abused
protocol as SMTP.


> However there's no reason _whatsoever_ to believe that it will be a
> useful heuristic next month (there is overwhelming evidence of the
> extremely rapid evolution of spam sending techniques) but today, and
> probably even for the rest of the week, using it will make some people
> happy.


I've been quite surprised actually at just how long this has been the
_only_ heuristic necessary to block the vast majority of unwanted junk.

-- 
                        Greg A. Woods


H:+1 416 218-0098  W:+1 416 489-5852 x122  VE3TCP  RoboHack <woods@???>
Planix, Inc. <woods@???>          Secrets of the Weird <woods@???>
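
The two-zone comparison described in the message above, as an added example that is not part of the original post and is not Exim's or host(1)'s own code: it checks a claimed hostname against both the forward zone and in-addr.arpa for a connecting address. The function names and the sample tables are hypothetical, and the A record shown for happyday.demon.co.uk is an assumption, since the message does not show it.

```python
import socket

def _norm(name):
    return name.rstrip(".").lower()

def _ptr_names(ip):
    """PTR names for ip from the system resolver ([] on failure)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def _a_records(name):
    """IPv4 addresses for name from the system resolver ([] on failure)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_host(claimed, ip, ptr_names=_ptr_names, a_records=_a_records):
    """forward_ok: claimed name has an A record equal to ip.
    confirmed:  PTR names for ip whose own A records include ip.
    name_match: claimed name is one of those confirmed PTR names."""
    forward_ok = ip in a_records(claimed)
    confirmed = sorted({_norm(n) for n in ptr_names(ip) if ip in a_records(n)})
    return {
        "forward_ok": forward_ok,
        "confirmed": confirmed,
        "name_match": forward_ok and _norm(claimed) in confirmed,
    }

# Constructed resolver data modelled on the host(1) output in the message.
# The A record for happyday.demon.co.uk is an assumption (not shown there).
SAMPLE_A = {
    "mail.highwayman.com": ["80.177.121.10"],
    "happyday.demon.co.uk": ["80.177.121.10"],
}
SAMPLE_PTR = {"80.177.121.10": ["happyday.demon.co.uk"]}

def sample_check(claimed, ip):
    return check_host(claimed, ip,
                      ptr_names=lambda a: SAMPLE_PTR.get(a, []),
                      a_records=lambda n: SAMPLE_A.get(_norm(n), []))

if __name__ == "__main__":
    print(sample_check("mail.highwayman.com", "80.177.121.10"))
```

With the sample data the claimed name resolves forward to the address, but the only confirmed reverse name is the other one, so name_match is false; calling check_host without the two resolver arguments performs live lookups instead.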