Re: [exim] Transparently faked domains

Author: John W. Baxter
Date:  
To: exim-users
Subject: Re: [exim] Transparently faked domains
On 11/21/07 3:29 AM, "Marcin Krol" <admin@???> wrote:

> 1. Get revdns name for incoming IP.
>
> 2. Extract domain from envelope-from address. Remove leftmost subdomain
> (radca.lex.pl -> lex.pl) (this is done for sake of large email providers
> who send mail from hosts that are not their MXes, smth like
> smtp43.someprovider.com for outgoing mail and smtp.someprovider.com for
> incoming mail)
>
> 3. If string 2 doesn't contain string 1 (revdns name), the domain is
> faked and this could be used for things like increasing SA score or
> doing fakereject in Exim.
>
> Could this work? Pros? Cons?


If it were that easy, the game would have been over a dozen years ago.

Mail from ...@live.com and ...@msn.com comes (legitimately) from servers
named ...hotmail.com.

Many other examples. Large exception list. Constantly changing.

Forwarding (without SRS).

--John
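To make the objection above concrete, here is an added Python sketch (example code, not from the thread, Exim or any real mail setup) that implements the proposed three-step check and runs it over constructed sample connections. Step 3 is read as "the trimmed envelope domain must be a suffix of the reverse-DNS name", since the literal wording in the quoted post has the two strings the other way round; every hostname and address below is made up for illustration.

```python
"""rDNS-vs-envelope-from heuristic from the thread, with the cases the
reply says it gets wrong. All sample data is constructed."""
from typing import List, NamedTuple, Tuple


class Verdict(NamedTuple):
    envelope_domain: str   # envelope-from domain after dropping its leftmost label
    rdns_name: str         # reverse-DNS name of the connecting IP
    flagged_as_faked: bool


def trimmed_envelope_domain(envelope_from: str) -> str:
    """Step 2: take the domain of the envelope-from address and drop the
    leftmost label (radca.lex.pl -> lex.pl). A bare two-label domain is kept
    whole; the post does not say what to do there, so this is an assumption."""
    domain = envelope_from.rsplit("@", 1)[-1].rstrip(".").lower()
    labels = domain.split(".")
    if len(labels) > 2:
        labels = labels[1:]
    return ".".join(labels)


def check_sender(rdns_name: str, envelope_from: str) -> Verdict:
    """Steps 1+3: flag the sender when the trimmed envelope domain is not a
    suffix of the reverse-DNS name (the connecting IP's rDNS is taken as given)."""
    domain = trimmed_envelope_domain(envelope_from)
    rdns = rdns_name.rstrip(".").lower()
    matches = rdns == domain or rdns.endswith("." + domain)
    return Verdict(domain, rdns, not matches)


# Constructed connections: (rDNS name, envelope-from, ground truth).
# The hotmail.com hostnames stand in for the live.com/msn.com case in the reply;
# the example.org line is a forward without SRS, which keeps the original sender.
SAMPLE_CONNECTIONS: List[Tuple[str, str, str]] = [
    ("smtp43.someprovider.com", "user@someprovider.com", "legitimate"),
    ("mail.radca.lex.pl", "user@radca.lex.pl", "legitimate"),
    ("mx-out-1.hotmail.com", "someone@live.com", "legitimate"),
    ("mx-out-2.hotmail.com", "someone@msn.com", "legitimate"),
    ("forwarder.example.org", "friend@example.com", "legitimate"),
    ("dsl-pool-17.example.net", "alerts@bank.example", "forged"),
]


def evaluate(connections: List[Tuple[str, str, str]]) -> Tuple[int, int]:
    """Return (true positives, false positives): forged mail correctly flagged
    versus legitimate mail wrongly flagged by the heuristic."""
    true_pos = false_pos = 0
    for rdns, sender, truth in connections:
        if check_sender(rdns, sender).flagged_as_faked:
            if truth == "forged":
                true_pos += 1
            else:
                false_pos += 1
    return true_pos, false_pos


if __name__ == "__main__":
    print("true positives, false positives:", evaluate(SAMPLE_CONNECTIONS))
```

On this sample the one forgery is caught, but three of the five legitimate senders are flagged as well, which is the exception-list problem the reply describes.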