Mike Bird 01-08-2008 04:20 PM

No DNS consistency checks in Debian spam filter?
 
The single most powerful and most efficient spam filter test is to
verify DNS consistency. Judging by the spam now swamping
these lists, Debian does not employ such a test.

In Postfix, including reject_unknown_client_hostname at an
appropriate spot in smtpd_client_restrictions does the trick.

Alternatively, us old PERL bashers iterate over all PTR records
for the IP address, and for each of those PTR records we iterate
over all the A records, and we only accept the connection if at
least one of those A records contains the connecting IP.

Unfortunately, once Debian has accepted this garbage and
forwarded it to a million victims, it's much harder to block.

--Mike Bird


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
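
The PTR-then-A check described in the post above, sketched in Python as an added example that is not part of the original thread or of any Debian or Postfix code. The function names, the `SAMPLE_*` records (documentation addresses and example.* names) and the reason strings are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample records (RFC 5737 addresses), not real DNS data.
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.org"],
    "192.0.2.20": ["dsl-20.example.net"],  # PTR exists, no A record behind it
    "192.0.2.30": ["bogus.example.com", "mx.example.com"],
}
SAMPLE_A = {
    "mail.example.org": ["192.0.2.10"],
    "mx.example.com": ["192.0.2.30", "192.0.2.31"],
}

def system_ptr(ip):
    """PTR lookup via the system resolver (primary name plus aliases only)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # also hides temporary failures; a real MTA should defer
        return []
    return [name, *aliases]

def system_addrs(name):
    """Forward A/AAAA lookup via the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except OSError:
        return []
    return [info[4][0] for info in infos]

def check_client(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (accept, reason) for a connecting client IP."""
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return False, "no PTR record"
    for name in names:
        for addr in addr_lookup(name.rstrip(".")):
            # Compare parsed addresses so different IPv6 spellings still match.
            if ipaddress.ip_address(addr) == client:
                return True, "confirmed by " + name.rstrip(".")
    return False, "PTR without matching A record"

def check_sample(ip):
    """Run the check against the constructed records above."""
    return check_client(ip, lambda i: SAMPLE_PTR.get(i, []), lambda n: SAMPLE_A.get(n, []))
```

Calling `check_client(ip)` with no lookup arguments uses the system resolver instead of the sample tables.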

John Hasler 01-08-2008 05:44 PM

Mike Bird writes:
> The single most powerful and most efficient spam filter test is to verify
> DNS consistency. Judging by the spam now swamping these lists, Debian
> does not employ such a test.

Debian uses SMTP-time anti-spam methods. For a short time the list was not
going through spamassassin but I believe that the SMTP-time stuff was still
in effect. The problem has been fixed now, of course.

> Unfortunately, once Debian has accepted this garbage and forwarded it to
> a million victims, it's much harder to block.

Spamassassin blocked most of it here.

--
John Hasler



Mike Bird 01-08-2008 06:07 PM

On Tue January 8 2008 10:44:06 John Hasler wrote:
> Mike Bird writes:
> > The single most powerful and most efficient spam filter test is to verify
> > DNS consistency. Judging by the spam now swamping these lists, Debian
> > does not employ such a test.
>
> Debian uses SMTP-time anti-spam methods. For a short time the list was not
> going through spamassassin but I believe that the SMTP-time stuff was still
> in effect. The problem has been fixed now, of course.

No, I checked headers during the flood. Debian was forwarding spam
directly received from hosts with PTR records without matching A records.

--Mike Bird



John Hasler 01-08-2008 08:30 PM

Mike Bird writes:
> No, I checked headers during the flood. Debian was forwarding spam
> directly received from hosts with PTR records without matching A records.

That just means it doesn't use your favorite method (because many ISPs have
broken DNS).
--
John Hasler



"Shane D" 01-08-2008 08:55 PM

My opinion is that we just give up on the spam. It happened, it's
over, just stop.

On 1/8/08, John Hasler <jhasler@debian.org> wrote:
> Mike Bird writes:
> > No, I checked headers during the flood. Debian was forwarding spam
> > directly received from hosts with PTR records without matching A records.
>
> That just means it doesn't use your favorite method (because many ISPs have
> broken DNS).
> --
> John Hasler


--
-Shane
Blog: http://blind-geek.com/blog/
CoOwner: http://sjtechzone.com
AIM: inhaddict
Skype: chatter8712



Mike Bird 01-08-2008 09:12 PM

On Tue January 8 2008 13:30:22 John Hasler wrote:
> Mike Bird writes:
> > No, I checked headers during the flood. Debian was forwarding spam
> > directly received from hosts with PTR records without matching A records.
>
> That just means it doesn't use your favorite method (because many ISPs have
> broken DNS).

Hmm, I'm postmaster and maintainer for quite a lot of Linux mail servers,
mostly Debian/Postfix and some Fedora/QMail. Several years ago when we
started enforcing consistent rDNS we'd get about one complaint per month
related to ISPs with broken rDNS. I don't think we had any such complaints
in 2007.

If in 2008 Debian is not enforcing rDNS consistency checks at SMTP-connect
time then Debian is doing a poor job of blocking spam. Worse - Debian is
unnecessarily relaying millions of spams per day. Once relayed, those spams
become much harder to block.

Please reconsider.

--Mike Bird



Joe 01-09-2008 02:04 PM

Mike Bird wrote:
> On Tue January 8 2008 13:30:22 John Hasler wrote:
> > Mike Bird writes:
> > > No, I checked headers during the flood. Debian was forwarding spam
> > > directly received from hosts with PTR records without matching A records.
> >
> > That just means it doesn't use your favorite method (because many ISPs have
> > broken DNS).
>
> Hmm, I'm postmaster and maintainer for quite a lot of Linux mail servers,
> mostly Debian/Postfix and some Fedora/QMail. Several years ago when we
> started enforcing consistent rDNS we'd get about one complaint per month
> related to ISPs with broken rDNS. I don't think we had any such complaints
> in 2007.
>
> If in 2008 Debian is not enforcing rDNS consistency checks at SMTP-connect
> time then Debian is doing a poor job of blocking spam. Worse - Debian is
> unnecessarily relaying millions of spams per day. Once relayed, those spams
> become much harder to block.
>
> Please reconsider.



Oddly, exim4 on Debian does this by default and it is effective. Another
thing that helps is to ask for an ident. Exim4 also does this by
default, and doesn't require an answer but waits 30 seconds for one
before continuing the SMTP session. Any legitimate server will happily
wait for 30 seconds, most spammers won't, making it a cheap sanction.


Really, if I, as a one-man-band leasing one IP address from someone
else, can organise a complementary A-PTR pair, I don't see why anyone
charging money and calling themselves an ISP can't.





All times are GMT.