[Dshield] Denying incoming email by reverse lookup of ISP DHCP-ed addresses
aaron at adldatacomm.net
Fri Jun 17 16:20:03 GMT 2005
It seems to me like I remember all of that built into the sendmail config.
Look around in the .cf file you're using or look in the .mc file that it was
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org]On Behalf Of Stef
> Sent: Friday, June 17, 2005 11:46 AM
> To: General DShield Discussion List
> Subject: [Dshield] Denying incoming email by reverse lookup of ISP
> You all know how some of the ISPs started denying email from what are
> home-based accounts, probably by doing a reverse lookup on the
> incoming IP, and looking for strings "hinting" on the dynamic nature
> of that IP assignment (e.g.
> $ dig -x 184.108.40.206
> <snipped irrelevant info>
> ;; ANSWER SECTION:
> 220.127.116.11.in-addr.arpa. 6028 IN PTR
> <snipped irrelevant info> )
> so my question is: does anyone know of a "canned" script, or add-on to
> std email servers (sendmail, postfix, etc.), or a standalone third
> party solution, with all the potential format of name-addresses like
> the above, pre-built - before I start writing my own (perhaps going
> after the email header's IP, and doing a reverse lookup of the
> original IP, and rejecting the ones where the IP x.y.z.w resolved to a
> name containing x-w-z-w ... but I am not sure if this is the rule for
> all ISPs)?!?
> P.S. The IP address above is real, one of the many already infected
> with the Netsky's of the world...
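The check asked about in the quoted question, sketched as an added example that is not part of the original posts or of any mail server's own code. It goes beyond the x-y-z-w case by also matching reversed, zero-padded and hex-encoded octets plus a few keywords; the function name `looks_dynamic`, the keyword list and all sample IPs and hostnames are assumptions constructed for illustration (IPv4 only).

```python
import ipaddress
import re

# Assumed, non-exhaustive keyword list; tune it against your own mail logs.
HINTS = re.compile(
    r"(?<![a-z])(dhcp|dynamic|dyn|adsl|dsl|cable|pool|ppp|dialup)(?![a-z])")

def looks_dynamic(ip, ptr):
    """Return a reason string if the PTR name looks like a dynamic pool, else None."""
    if not ptr:
        return "no-ptr"  # policy choice: missing rDNS is reported separately
    octets = [int(o) for o in str(ipaddress.IPv4Address(ip)).split(".")]
    host = ptr.lower().rstrip(".")
    # Numeric runs in the name, compared as integers so "045" equals 45.
    nums = [int(n) for n in re.findall(r"\d+", host)]
    for i in range(len(nums) - 3):
        window = nums[i:i + 4]
        if window == octets:
            return "ip-forward"       # e.g. x-y-z-w or x.y.z.w
        if window == octets[::-1]:
            return "ip-reversed"      # e.g. w.z.y.x
    if "".join(f"{o:03d}" for o in octets) in host:
        return "ip-padded"            # twelve digits, zero-padded octets
    if "".join(f"{o:02x}" for o in octets) in host:
        return "ip-hex"               # eight hex digits
    m = HINTS.search(host)
    return f"keyword:{m.group(1)}" if m else None

# Constructed samples using documentation address ranges and example domains.
SAMPLES = [
    ("192.0.2.45", "192-0-2-45.dsl.example.net."),
    ("198.51.100.7", "7.100.51.198.cable.example.net"),
    ("203.0.113.9", "host203000113009.example.org"),
    ("203.0.113.9", "cb007109.example.org"),
    ("192.0.2.10", "pool-17.example.net"),
    ("192.0.2.25", "mail.example.com"),
    ("192.0.2.25", "mail-192-0-2-25.example.com"),  # static host named after its IP
]

if __name__ == "__main__":
    for ip, ptr in SAMPLES:
        print(f"{ip:15} {ptr:40} {looks_dynamic(ip, ptr)}")
```

The last sample shows the uncertainty raised in the question: a static mail host whose name contains its own address is flagged as well, so the result is better used as one scoring input or paired with an allowlist than as a hard reject.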