From: Matthias Andree (madt.e-technik.uni-dortmund.de)
Date: Tue Sep 16 2003 - 20:03:54 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jason Fesler <jfeslergigo.com> writes:

> Some of you may have seen articles about Verisign effectively
> answering for *.com and *.net, for any domain name that is not
> otherwise registered. I'm particularly concerned
> about spammers who use fake domain names all of a sudden getting
> past the sender checks in postfix.
>
> Weitse++ for the policy daemon code he added. Weitse, you kick ass.
>
> I've created a filter that specifically compares sender addresses against
> bogus .net lookup addressess, and if the sender matches that wildcarded
> IP, reject the mail.
>
> http://gigo.com/ftp/pub/src/mfpitgdav.pl

Going to be expensive with Perl and extra IPC, no?

Looks like DNS blacklisting -- if we had it -- were more efficient.

Wietse said he'd have no good concept yet, but I know what must be part
of the concept: Treat particular IP addresses or net blocks (base
address/prefix length) as though NXDOMAIN had been issued.

BTW, it's about time to disappropriate VeriSign and replace the whole
[non-printable_word] by a non-profit, independent NGO outside of the US
(which have proven not to perform well in respect of preventing havoc).

--
Matthias Andree

Encrypt your mail: my GnuPG key ID is 0x052E7D95

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]