[Dshield] Denying incoming email by reverse lookup of ISP DHCP-ed addresses

Stef stefmit at gmail.com
Fri Jun 17 15:46:12 GMT 2005


You all know how some of the ISPs started denying email from what are
home-based accounts, probably by doing a reverse lookup on the
incoming IP, and looking for strings "hinting" on the dynamic nature
of that IP assignment (e.g.

$ dig -x 71.130.65.214
<snipped irrelevant info>
;; ANSWER SECTION:
214.65.130.71.in-addr.arpa. 6028 IN     PTR     adsl-71-130-65-214.dsl.irvnca.pacbell.net.
<snipped irrelevant info> )

so my question is: does anyone know of a "canned" script, or add-on to
std email servers (sendmail, postfix, etc.), or a standalone third
party solution, with all the potential format of name-addresses like
the above, pre-built - before I start writing my own (perhaps going
after the email header's IP, and doing a reverse lookup of the
original IP, and rejecting the ones where the IP x.y.z.w resolved to a
name containing x-w-z-w ... but I am not sure if this is the rule for
all ISPs)?!?

TIA,
Stef

P.S. The IP address above is real, one of the many already infected
with the Netsky's of the world...
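
A sketch of the heuristic the post describes, added here as an example and not part of the original message or of any mail server's code. It goes beyond the dash-separated format shown in the dig output by also matching reversed and zero-padded octets. The keyword list, the function names and every sample name except the pacbell.net one are constructed assumptions.

```python
import ipaddress
import re

# Assumed keyword list (not from the post): words ISPs often put in the
# reverse-DNS names of dynamically assigned or residential address pools.
HINT_WORDS = {"adsl", "dsl", "dhcp", "dyn", "dynamic", "dialup", "pool", "ppp", "cable"}

def embeds_ip(ip: str, ptr: str) -> bool:
    """True if the PTR name spells out all four octets of `ip`."""
    octets = [int(o) for o in str(ipaddress.IPv4Address(ip)).split(".")]
    name = ptr.lower().rstrip(".")
    for order in (octets, octets[::-1]):                    # forward, then reversed
        separated = "[-._]".join(f"0*{o}" for o in order)   # 71-130-65-214
        padded = "".join(f"{o:03d}" for o in order)         # 071130065214
        # Digit lookarounds stop 71.130.65.21 from matching inside ...-65-214.
        if re.search(rf"(?<!\d)(?:{separated}|{padded})(?!\d)", name):
            return True
    return False

def dynamic_hints(ip: str, ptr: str) -> list:
    """Return the reasons a PTR name looks dynamic; an empty list means none."""
    name = ptr.lower().rstrip(".")
    reasons = ["ip-in-name"] if embeds_ip(ip, name) else []
    words = set(re.split(r"[^a-z]+", name)) & HINT_WORDS
    return reasons + sorted(f"keyword:{w}" for w in words)

if __name__ == "__main__":
    # First pair is the one quoted in the post; the rest are constructed
    # samples using documentation address ranges and example domains.
    samples = [
        ("71.130.65.214", "adsl-71-130-65-214.dsl.irvnca.pacbell.net."),
        ("198.51.100.7", "7.100.51.198.dyn.example.net"),
        ("203.0.113.5", "host203000113005.pool.example.org"),
        ("192.0.2.10", "mail.example.com"),
    ]
    for ip, ptr in samples:
        print(ip, ptr, dynamic_hints(ip, ptr) or "no hints")
```

The function only reports hints; whether to reject, defer or score on them is left to the mail server's policy.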



