[Dshield] Denying incoming email by reverse lookup of ISP DHCP-edaddresses

Aaron Lewis aaron at adldatacomm.net
Fri Jun 17 16:20:03 GMT 2005


It seems to me like I remember all of that built into the sendmail config.
Look around in the .cf file your using or look in the .mc file that it was
compiled from.

ADL

> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org]On Behalf Of Stef
> Sent: Friday, June 17, 2005 11:46 AM
> To: General DShield Discussion List
> Subject: [Dshield] Denying incoming email by reverse lookup of ISP
> DHCP-edaddresses
>
>
> You all know how some of the ISPs started denying email from what are
> home-based accounts, probably by doing a reverse lookup on the
> incoming IP, and looking for strings "hinting" on the dynamic nature
> of that IP assignment (e.g.
>
> $ dig -x 71.130.65.214
> <snipped irrelevant info>
> ;; ANSWER SECTION:
> 214.65.130.71.in-addr.arpa. 6028 IN     PTR
> adsl-71-130-65-214.dsl.irvnca.pacbell.net.
> <snipped irrrelevant info> )
>
> so my question is: does anyone know of a "canned" script, or add-on to
> std email servers (sendmail, postfix, etc.), or a standalone third
> party solution, with all the potential format of name-addresses like
> the above, pre-built - before I start writing my own (perhaps going
> after the email header's IP, and doing a reverse lookup of the
> original IP, and rejecting the ones where the IP x.y.z.w resoved to a
> name containing x-w-z-w ... but I am not sure if this is the rule for
> all ISPs)?!?
>
> TIA,
> Stef
>
> P.S. The IP address above is real, one of the many already infected
> with the Netsky's of the world...
>
> -------------- Sponsor Message ------------------------------------
> Join us at SANSFIRE 2005 in Atlanta!
> The Internet Storm Center Conference.
> Details: http://www.sans.org/sansfire2005
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>




More information about the list mailing list