Author: John W. Baxter Date: To: exim-users Subject: Re: [exim] Transparently faked domains
On 11/21/07 3:29 AM, "Marcin Krol" <admin@???> wrote:
> 1. Get revdns name for incoming IP.
>
> 2. Extract domain from envelope-from address. Remove leftmost subdomain
> (radca.lex.pl -> lex.pl) (this is done for the sake of large email providers
> who send mail from hosts that are not their MXes, something like
> smtp43.someprovider.com for outgoing mail and smtp.someprovider.com for
> incoming mail)
>
> 3. If string 2 doesn't contain string 1 (revdns name), the domain is
> faked and this could be used for things like increasing SA score or
> doing fakereject in Exim.
>
> Could this work? Pros? Cons?

If it were that easy, the game would have been over a dozen years ago.
Mail from ...@live.com and ...@msn.com comes (legitimately) from servers
named ...hotmail.com.
Many other examples. Large exception list. Constantly changing.
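
The check proposed in the quoted message, and the false positive described in the reply, as an added example that is not part of either message. It assumes step 3 means "the rDNS name must lie inside the trimmed sender domain", that two-label domains are not trimmed, and that the rDNS name has already been looked up; the function names, host names and the exception pair are constructed for illustration.

```python
# Added example: the three-step heuristic run offline on constructed inputs.

def trimmed_sender_domain(envelope_from):
    """Step 2: envelope-from domain with its leftmost label removed.

    Assumption: a two-label domain (lex.pl) is left alone, otherwise
    someprovider.com would collapse to "com".
    """
    domain = envelope_from.rsplit("@", 1)[-1].lower().rstrip(".")
    labels = domain.split(".")
    return ".".join(labels[1:]) if len(labels) > 2 else domain


def in_domain(host, domain):
    """True if host is the domain itself or a name below it (label-aligned)."""
    return host == domain or host.endswith("." + domain)


def looks_faked(rdns_name, envelope_from, exceptions=frozenset()):
    """Step 3: True when the rDNS name is not inside the sender's domain.

    rdns_name is None when the connecting IP has no PTR record (step 1 failed).
    exceptions holds (sender_domain, rdns_domain) pairs accepted as legitimate.
    """
    if not rdns_name:
        return True
    sender = trimmed_sender_domain(envelope_from)
    host = rdns_name.lower().rstrip(".")
    if in_domain(host, sender):
        return False
    return not any(sender == s and in_domain(host, r) for s, r in exceptions)


# Constructed samples: (rDNS name of connecting IP, envelope-from address)
SAMPLES = [
    ("smtp43.someprovider.com", "alice@someprovider.com"),  # outbound relay
    ("mail.lex.pl", "user@radca.lex.pl"),                   # subdomain sender
    ("out1.hotmail.com", "bob@live.com"),                   # case from the reply
    ("host-1.dialup.example.net", "ceo@lex.pl"),            # unrelated host
]

if __name__ == "__main__":
    for rdns, sender in SAMPLES:
        print(f"{sender:28} via {rdns:28} faked={looks_faked(rdns, sender)}")
    # Every legitimate mismatch needs its own entry in the exception list.
    allow = {("live.com", "hotmail.com")}
    print("with exception:", looks_faked("out1.hotmail.com", "bob@live.com", allow))
```
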