Re: [Asrg] 6. Proposals - RMX-like implementation via rDNS
Raymond S Brand <rsbx@rsbx.net> Thu, 11 September 2003 16:39 UTC
Message-ID: <3F60A4AB.C47DECDC@rsbx.net>
From: Raymond S Brand <rsbx@rsbx.net>
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.17.crypt i686)
X-Accept-Language: en
MIME-Version: 1.0
To: ASRG list <asrg@ietf.org>
Subject: Re: [Asrg] 6. Proposals - RMX-like implementation via rDNS
References: <20030910063545.GC2082@m450>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Date: Thu, 11 Sep 2003 12:36:59 -0400
Have a (or another) look at DRIP; it achieves most of what you're looking for.

http://www.ietf.org/internet-drafts/draft-brand-drip-01.txt

Raymond S Brand

waltdnes@waltdnes.org wrote:
>
> I'm not quite certain whether this should go in "6. Proposals" or
> "7. BCP". It's a proposal that can be implemented by a change in
> current practices. No re-writing of core software is required. The
> idea is to allow MTA's to infer from IP addresses and/or rDNS, whether a
> particular IP address is authorized to send email.
>
> Rationale
> =========
>
> Much of today's spam comes direct-to-MX via compromised home machines
> on dynamic IP addresses. The dynamic nature of these IP addresses
> reduces the effectiveness of DNSbls of compromised machines. The next
> step is to pre-emptively block email from *ALL* dynamic addresses. The
> problem is that there are so many, that the zones get huge. For
> instance, RoadRunner is reported to have 24 SMTP servers and 15,696 /24
> DHCP blocks. Whitelisting the 24 SMTP servers, and blocking everything
> else with an rDNS ending in "rr.com" would be much easier than blocking
> 15,696 /24 DHCP blocks. An associated problem is keeping track of ISPs'
> residential service address ranges as ISPs expand and get new blocks of
> IP addresses.
>
> The proposal
> ============
>
> The proposal is that ISPs publish a list of their outbound email
> servers and any static IP address ranges that are authorized to send
> email direct-to-MX. All other IP addresses within the ISP's domain
> would be assumed to be unauthorized to send email direct-to-MX. The
> publishing could be on a web page. The addresses could be either
> numeric, or rDNS patterns. A real-life example is AOL.
>
> - Their dialup IP addresses have rDNS ending with ipt.aol.com
> - AOL attempts (not always successfully) to intercept outbound SMTP
>   connections direct-to-remote-MX from its dialups and relay them via
>   servers with rly-ipXX.mx.aol.com, where XX is a number from 00 to 99.
> - Email sent from dialups via "official channels" (i.e. AOL's email
>   gateways) goes out via servers with rDNS ending imo-rXX.mx.aol.com.
>
> Thus, rejecting *.ipt.aol.com and rly-ip[0-9][0-9].mx.aol.com is
> sufficient to block unauthorized senders using AOL's dialups. If your
> MTA's pattern-matching isn't that flexible, you can hardcode in the
> following rDNS or IP addresses...
>
> rly-ip01.mx.aol.com has address 205.188.156.49
> rly-ip02.mx.aol.com has address 152.163.225.160
> rly-ip03.mx.aol.com has address 64.12.138.7
> rly-ip04.mx.aol.com has address 64.12.138.8
> rly-ip05.mx.aol.com has address 64.12.138.9
> rly-ip06.mx.aol.com has address 205.188.156.51
>
> That, plus *.ipt.aol.com, gives a grand total of 7 rDNS patterns to
> block. This is much easier to handle than a DNSbl zone of dialups.
>
> To get an up-to-date list of rly-ipXX.mx.aol.com machines, run the
> following script...
>
> #!/bin/bash
> i=0
> while [ ${i} -lt 10 ]
> do
>   j=0
>   while [ ${j} -lt 10 ]
>   do
>     host rly-ip${i}${j}.mx.aol.com | grep -v "not found:"
>     j=$(( $j + 1 ))
>   done
>   i=$(( $i + 1 ))
> done
>
> Advantages
> ==========
>
> 1) This proposal does *NOT* require new types of DNS records or other
> protocols. It can be implemented within the existing structure. AOL
> already does this, an example that it can be done.
>
> 2) Lists of authorized sending addresses/rDNS-patterns will generally
> be much smaller than lists of residential IP addresses.
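
Added example, not part of the original message or of either poster's code: a sketch of how a receiving MTA could apply the rDNS patterns from the quoted proposal, with the allow list honoured only after forward confirmation of the PTR name. The function names, the two-digit reading of imo-rXX, and all DNS data except the rly-ip01 address are assumptions made for illustration.

```python
import re

# rDNS patterns taken from the quoted proposal (AOL example).
DENY = [r".+\.ipt\.aol\.com", r"rly-ip[0-9][0-9]\.mx\.aol\.com"]
# Assumption: XX in imo-rXX is two digits, as it is for rly-ipXX.
ALLOW = [r"imo-r[0-9][0-9]\.mx\.aol\.com"]

def _matches(name, patterns):
    return any(re.fullmatch(p, name) for p in patterns)

def classify(ip, ptr_lookup, a_lookup):
    """Return 'reject', 'accept' or 'unknown' for a connecting client IP.

    ptr_lookup(ip) -> list of PTR names; a_lookup(name) -> list of IPs.
    Both are injected so the policy can be exercised without live DNS.
    """
    names = [n.lower().rstrip(".") for n in ptr_lookup(ip)]
    # A deny match needs no confirmation: forging it only harms the forger.
    if any(_matches(n, DENY) for n in names):
        return "reject"
    # An allow match counts only if the name resolves back to the same IP
    # (forward-confirmed rDNS): the PTR is set by whoever controls the
    # reverse zone for the address, not by the domain it names.
    for n in names:
        if _matches(n, ALLOW) and ip in a_lookup(n):
            return "accept"
    return "unknown"  # policy is silent; fall through to other checks

# Constructed DNS data. Only the rly-ip01 address comes from the post;
# the other names and addresses are made up (documentation ranges).
PTR = {
    "205.188.156.49": ["rly-ip01.mx.aol.com."],
    "198.51.100.7": ["AC1234.ipt.aol.com"],
    "192.0.2.10": ["imo-r01.mx.aol.com"],
    "203.0.113.5": ["imo-r01.mx.aol.com"],  # PTR claims a gateway name
}
A = {"imo-r01.mx.aol.com": ["192.0.2.10"]}

def demo(ip):
    return classify(ip, lambda i: PTR.get(i, []), lambda n: A.get(n, []))
```
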