Re: [Asrg] 0. General

Richard Rognlie <rrognlie@gamerz.net> Wed, 22 October 2003 04:10 UTC

From: Richard Rognlie <rrognlie@gamerz.net>
To: Markus Stumpf <maex-lists-spam-ietf-asrg@Space.Net>
Cc: asrg@ietf.org
Subject: Re: [Asrg] 0. General
Message-ID: <20031022040943.GL11687@gamerz.net>
References: <6.0.0.22.0.20031021115547.01c87838@mail.uniwares.com> <000001c39802$d4f553f0$19602241@viper1> <20031022035117.GF74735@Space.Net>
In-Reply-To: <20031022035117.GF74735@Space.Net>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Wed, 22 Oct 2003 00:09:43 -0400

On Wed, Oct 22, 2003 at 05:51:17AM +0200, Markus Stumpf wrote:
> On Tue, Oct 21, 2003 at 02:40:41PM -0400, Denny Figuerres wrote:
> > Well I am thinking of a few things... I just got a reply that mentioned
> > "RMX" which sounds close to what I am thinking.
> 
>     http://www.ietf.org/internet-drafts/draft-danisch-dns-rr-smtp-02.txt
>     http://www.ietf.org/internet-drafts/draft-fecyk-dsprotocol-04.txt
>     http://www.ietf.org/internet-drafts/draft-brand-drip-02.txt
>     http://www.irtf.org/asrg/draft-vixie-repudiating-mail-from.txt
>     http://spf.pobox.com/draft-mengwong-spf-01.txt 
>     http://nospam.couchpotato.net/
> 
> Choose one. They all break all sorts of existing Internet mail structure
> like oversized DNS packets or totally breaking forwards.

As one of the authors of DRIP, I protest.  It does not break anything.
It simply allows a site to check the validity of a connection coming from
IP x.y.z.t and claiming to be mail.gamerz.net on the EHLO line.

It's not much of an anti-spam widget, but it is very useful for the
malware virii that are wreaking such havoc on the net these days.

E.g., as the owner of gamerz.net, I can specify in simple DNS A records
that play.gamerz.net MUST be coming from 66.92.144.25:

    *.ipv4.relays._email_.play.gamerz.net.              IN A 0.0.0.0
    66_92_144_25.ipv4.relays._email_.play.gamerz.net.   IN A 66.92.144.25

In addition, I can prevent any other use of anything ending in
gamerz.net by setting up

    *.ipv4.relays._email_.gamerz.net.              IN A 0.0.0.0

So now, a site using an MTA that is DRIP aware gets a HELO command
claiming to be play.gamerz.net... if the IP is NOT 66.92.144.25,
you can reject the msg (or use that info as part of your scoring
or whatever).

If you get a connection from foobar.gamerz.net, you'll look up
x_y_z_t.ipv4.relays._email_.foobar.gamerz.net and get NXDOMAIN.
One thing the draft recommends is that you strip the leading
domain part and try again (in an effort to see if the domain
supports DRIP at all).

This time you'd look for x_y_z_t.ipv4.relays._email_.gamerz.net
and get back 0.0.0.0.  This tells you that gamerz.net supports DRIP
and that the HELO argument as stated is bogus.

And remember, I'm not specifying that mail from rrognlie@gamerz.net
has to come from "the" gamerz.net RMX... just that the HELO line
claiming to be play.gamerz.net (my MTA) must be the specified
IP (or one of the specified IPs).

So, we don't break forwarding at all.  And I've been having quite 
good luck with blocking all kinds of mail directed at my domain
claiming a HELO line of my domain (when the IPs in question have
absolutely nothing to do with me).

The miltered version of DRIP is available at

    ftp://ftp.gamerz.net/pub/dripmilter.pl

-- 
 /  \__  | Richard Rognlie / Oracle Prophet / Gamerz.NET Lackey
 \__/  \ | http://www.gamerz.net/rrognlie/    <rrognlie@gamerz.net>
 /  \__/ | 
 \__/    | CAUTION: may contain Mature material......but I doubt it.


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
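The HELO-versus-IP lookup walk described in the message above, as an added Python example; it is not code from the DRIP draft or from dripmilter.pl. The zone contents are constructed from the A records quoted in the mail, and resolve_a is a toy stand-in for a real DNS resolver.

```python
import ipaddress

# Constructed zone data mirroring the A records in the mail above.
# 0.0.0.0 means "this HELO name may not relay from here"; a real
# address means "this HELO name is allowed from exactly this IP".
ZONE = {
    "*.ipv4.relays._email_.play.gamerz.net.": ["0.0.0.0"],
    "66_92_144_25.ipv4.relays._email_.play.gamerz.net.": ["66.92.144.25"],
    "*.ipv4.relays._email_.gamerz.net.": ["0.0.0.0"],
}


def resolve_a(name):
    """Toy A-record lookup over ZONE (stand-in for a real resolver).
    Returns a list of addresses, or None for NXDOMAIN. An exact name wins
    over a single-label wildcard, as in DNS."""
    if name in ZONE:
        return ZONE[name]
    wildcard = "*." + name.split(".", 1)[1]
    return ZONE.get(wildcard)


def drip_name(ip, helo_name):
    """Build the DRIP query name: dots in the IPv4 address become underscores."""
    return f"{ip.replace('.', '_')}.ipv4.relays._email_.{helo_name}."


def drip_check(ip, helo, resolve=resolve_a):
    """Check whether HELO name `helo` is permitted from source address `ip`.
    Returns (verdict, names_queried); verdict is 'pass', 'fail', or
    'unknown' (the domain publishes no DRIP data at any level)."""
    ipaddress.IPv4Address(ip)              # reject malformed input early
    labels = helo.rstrip(".").split(".")
    queried = []
    while len(labels) >= 2:                # never walk up to the bare TLD
        name = drip_name(ip, ".".join(labels))
        queried.append(name)
        answers = resolve(name)
        if answers is None:                # NXDOMAIN: strip the leading label and retry
            labels = labels[1:]
            continue
        return ("pass" if ip in answers else "fail"), queried
    return "unknown", queried


if __name__ == "__main__":
    for src, helo in [("66.92.144.25", "play.gamerz.net"),
                      ("10.0.0.1", "play.gamerz.net"),
                      ("10.0.0.1", "foobar.gamerz.net"),
                      ("10.0.0.1", "mail.example.org")]:
        print(src, helo, "->", drip_check(src, helo))
```

A 'fail' verdict is the point at which the mail says an MTA may reject or score; 'unknown' carries no information and should be treated as neutral.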