[Dshield] Denying incoming email by reverse lookup of ISP DHCP-edaddresses

Aaron Lewis aaron at adldatacomm.net
Fri Jun 17 16:20:03 GMT 2005

It seems to me like I remember all of that built into the sendmail config.
Look around in the .cf file your using or look in the .mc file that it was
compiled from.


> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org]On Behalf Of Stef
> Sent: Friday, June 17, 2005 11:46 AM
> To: General DShield Discussion List
> Subject: [Dshield] Denying incoming email by reverse lookup of ISP
> DHCP-edaddresses
> You all know how some of the ISPs started denying email from what are
> home-based accounts, probably by doing a reverse lookup on the
> incoming IP, and looking for strings "hinting" on the dynamic nature
> of that IP assignment (e.g.
> $ dig -x
> <snipped irrelevant info>
> 6028 IN     PTR
> adsl-71-130-65-214.dsl.irvnca.pacbell.net.
> <snipped irrrelevant info> )
> so my question is: does anyone know of a "canned" script, or add-on to
> std email servers (sendmail, postfix, etc.), or a standalone third
> party solution, with all the potential format of name-addresses like
> the above, pre-built - before I start writing my own (perhaps going
> after the email header's IP, and doing a reverse lookup of the
> original IP, and rejecting the ones where the IP x.y.z.w resoved to a
> name containing x-w-z-w ... but I am not sure if this is the rule for
> all ISPs)?!?
> TIA,
> Stef
> P.S. The IP address above is real, one of the many already infected
> with the Netsky's of the world...
> -------------- Sponsor Message ------------------------------------
> Join us at SANSFIRE 2005 in Atlanta!
> The Internet Storm Center Conference.
> Details: http://www.sans.org/sansfire2005
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list

More information about the list mailing list