Re: Sender access restrictions by connecting back to the MX/A server(s)

From: Michael Tokarev (mjt@tls.msk.ru)
Date: Wed Oct 01 2003 - 18:50:55 CDT


Guido Van De Velde wrote:
> Hi,
>
> One ISP, which should accept the mails we send them, checks not just the
> existence of the sender domain, but also connects back to the MX or A
> servers of the sender domain.
>
> Because of our complex internal structure and firewalling policy they
> cannot always reach those servers. They refuse those mails. They say
> it's more secure to check if the sender address exists (including the
> postmaster address of that domain).
>
> For instance, a mail from user@host where host does exist and has regular
> DNS A and PTR records, but its tcp/25 is protected by our firewall. I
> know it should be user@domain with MXes reachable from the Internet, but
> is it up to someone else to judge that?

Think about all this as: they don't want to take responsibility for
the message they're accepting unless they will be able to send a bounce
back in case something goes wrong. This is just one possible
description, not necessarily their main concern (the main concern should
be spam, I think). Now look at this, from my mail queue:

727BD29515 7086 Wed Oct 1 13:38:16 MAILER-DAEMON
(connect to dslam47-213-59-62.adsl.zonnet.nl[62.59.213.47]: Connection timed out)
                                          ats@dslam47-213-59-62.adsl.zonnet.nl

0605029510 22883 Wed Oct 1 21:35:28 MAILER-DAEMON
   (connect to 36-15.240.81.adsl.skynet.be[81.240.15.36]: Connection timed out)
                                          rtroth@36-15.240.81.adsl.skynet.be

Those are spam. Accepted by the secondary MX, which does not
know which users exist on the primary. Here's the first
Received: line from the first bounced message:

Received: from dslam47-213-59-62.adsl.zonnet.nl (dslam47-213-59-62.adsl.zonnet.nl [62.59.213.47])
         by hobbit.corpit.ru (Postfix) with SMTP id 72E9E29513
         for <johnrgs-podm.ru>; Wed, 1 Oct 2003 13:38:06 +0400 (MSD)
         (envelope-from ats@dslam47-213-59-62.adsl.zonnet.nl)

Again: this is spam. Note that the HELO string, reverse DNS and
sender address are all the same. This is a perfectly
"valid" envelope. But it is just this: fake, a nonsense.
The host in question never had a mailserver running; it
is a trojaned machine with an open proxy installed by a
spammer. I'm seeing about 400000 similar delivery attempts
here *daily*.

I hope the above is sufficient to draw your own conclusion.

/mjt
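The two symptoms Michael describes, bounces stuck in the queue because the forged sender's host refuses TCP/25, and a Received: line whose HELO, reverse DNS and envelope-from all name the same dynamic-pool host, can both be checked mechanically. The following is an added example written for this archive page, not code from either poster; it parses Postfix `mailq`-style output and a Received: header. The queue entries are the two quoted above (with a third, ordinary deferred message constructed for contrast), and the `example.org`/`example.net` addresses, the `DYNAMIC_TOKENS` heuristic and all function names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the two deferred bounces quoted in the post, plus one
# ordinary deferred message (alice -> bob, example.* domains) made up for contrast.
MAILQ_SAMPLE = """\
727BD29515 7086 Wed Oct 1 13:38:16 MAILER-DAEMON
(connect to dslam47-213-59-62.adsl.zonnet.nl[62.59.213.47]: Connection timed out)
                                          ats@dslam47-213-59-62.adsl.zonnet.nl

0605029510 22883 Wed Oct 1 21:35:28 MAILER-DAEMON
   (connect to 36-15.240.81.adsl.skynet.be[81.240.15.36]: Connection timed out)
                                          rtroth@36-15.240.81.adsl.skynet.be

C0FFEE0001 1024 Wed Oct 1 22:00:00 alice@example.org
   (host mx.example.net[192.0.2.10] said: 450 4.7.1 try again later)
                                          bob@example.net
"""

# Constructed sample: the Received: line quoted in the post, recipient replaced
# by a placeholder address.
RECEIVED_SAMPLE = (
    "Received: from dslam47-213-59-62.adsl.zonnet.nl "
    "(dslam47-213-59-62.adsl.zonnet.nl [62.59.213.47])\n"
    "         by hobbit.corpit.ru (Postfix) with SMTP id 72E9E29513\n"
    "         for <someone@example.org>; Wed, 1 Oct 2003 13:38:06 +0400 (MSD)\n"
    "         (envelope-from ats@dslam47-213-59-62.adsl.zonnet.nl)\n"
)

# queue-id  size  "Wed Oct 1 13:38:16"  sender
HEADER_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\w{3} \w{3}\s+\d+ \d\d:\d\d:\d\d)\s+(\S+)$")
CONNECT_FAIL_RE = re.compile(r"connect to (\S+?)\[([\d.]+)\]: Connection timed out")
RECEIVED_RE = re.compile(
    r"from (?P<helo>\S+) \((?P<rdns>\S+) \[(?P<ip>[\d.]+)\]\).*?"
    r"\(envelope-from (?P<envfrom>[^)\s]+)\)"
)
# Heuristic (an assumption of this example): rDNS labels typical of consumer pools.
DYNAMIC_TOKENS = {"adsl", "dsl", "dialup", "dyn", "dynamic", "ppp", "cable"}


@dataclass
class QueueEntry:
    queue_id: str
    size: int
    sender: str
    reason: str = ""
    recipients: list = field(default_factory=list)

    @property
    def is_bounce(self) -> bool:
        return self.sender == "MAILER-DAEMON"

    @property
    def unreachable_host(self):
        """Host named in a 'connect to X[ip]: Connection timed out' reason, or None."""
        m = CONNECT_FAIL_RE.search(self.reason)
        return m.group(1).lower() if m else None

    def looks_like_backscatter(self) -> bool:
        """A bounce that is stuck because the recipient (= forged sender) domain is
        itself the host that refuses TCP/25: no real MX, no mailserver behind it."""
        host = self.unreachable_host
        if not (self.is_bounce and host):
            return False
        rcpt_domains = {r.rsplit("@", 1)[-1].lower() for r in self.recipients}
        return host in rcpt_domains


def parse_mailq(text: str) -> list:
    """Split mailq output into entries: header line, '(reason)' line, recipient lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        m = HEADER_RE.match(lines[0])
        if not m:
            continue  # not a queue entry (e.g. the "-- N Kbytes in M Requests." trailer)
        entry = QueueEntry(queue_id=m.group(1), size=int(m.group(2)), sender=m.group(4))
        for line in lines[1:]:
            if line.startswith("("):
                entry.reason = line.strip("()")
            else:
                entry.recipients.append(line)
        entries.append(entry)
    return entries


def flag_backscatter(text: str) -> list:
    """Queue ids of deferred bounces addressed to unreachable, MX-less hosts."""
    return [e.queue_id for e in parse_mailq(text) if e.looks_like_backscatter()]


def analyze_received(header: str) -> dict:
    """Extract HELO, rDNS, IP and envelope-from; report whether all three names agree
    and whether the rDNS name looks like a dynamic (consumer) pool."""
    flat = " ".join(header.split())  # unfold the header continuation lines
    m = RECEIVED_RE.search(flat)
    if not m:
        return {}
    helo, rdns, ip, envfrom = (m.group(g) for g in ("helo", "rdns", "ip", "envfrom"))
    sender_domain = envfrom.rsplit("@", 1)[-1].lower()
    labels = set(rdns.lower().split("."))
    return {
        "helo": helo, "rdns": rdns, "ip": ip, "envelope_from": envfrom,
        "consistent": helo.lower() == rdns.lower() == sender_domain,
        "dynamic_pool": bool(labels & DYNAMIC_TOKENS),
    }


if __name__ == "__main__":
    print("suspected backscatter:", flag_backscatter(MAILQ_SAMPLE))
    print(analyze_received(RECEIVED_SAMPLE))
```

Run against the post's own queue listing, the two MAILER-DAEMON entries are flagged and the third message is not; the Received: analysis reports `consistent=True` (HELO, rDNS and sender domain identical, exactly the "valid" envelope Michael points out) together with `dynamic_pool=True`, which is why agreement between those three names says nothing about whether a mailserver exists behind them. Operationally, the fix the thread implies is not to reject more on the secondary MX but to let it know the primary's recipient list so such mail is refused at SMTP time instead of bounced later.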