From owner-freebsd-security@FreeBSD.ORG Mon May 2 07:12:31 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F1F791065670 for ; Mon, 2 May 2011 07:12:31 +0000 (UTC) (envelope-from cronfy@gmail.com) Received: from mail-iw0-f182.google.com (mail-iw0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id B99F58FC16 for ; Mon, 2 May 2011 07:12:31 +0000 (UTC) Received: by iwn33 with SMTP id 33so6251775iwn.13 for ; Mon, 02 May 2011 00:12:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; bh=dMsW/zvROA+3PPn+XNfGG4uqsobRNk1r6qXXhk4LnD4=; b=LjaaKpWTbpDCIhZbeUF1IBsxcpRo2qriyUhFDnGXyt3L/Aeb1xbl0K+uGPnhrXmaik Moa0I3XLoBPV05+mD0ctugOg7sflRMX/38MDWBcjeoeBiqFKOdRp1CdVO1oSPqDD5BXb onx2EI9zxw5HnzhoF1n18R7ogizwqDr3oqK7o= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; b=NrrstqwfjC6fKiwsdExANevyF6G0cjE4QOAdwAQjYOfQ8QNdhXfmnkfeQ5fXEoFEpy lnQeym0zcWDAbupCv8o3DW3Z0trVgKLjCkL9fvjb7Q9jCp3aFbFYcbbaFBWuIGTKvsCE LmVk6ST3KKKwnjXs5xxScwlCAI5CPpCcr4cM8= Received: by 10.231.17.4 with SMTP id q4mr3337773iba.81.1304318549251; Sun, 01 May 2011 23:42:29 -0700 (PDT) MIME-Version: 1.0 Received: by 10.231.169.129 with HTTP; Sun, 1 May 2011 23:41:59 -0700 (PDT) In-Reply-To: <3FF47F45-A59F-4542-A65E-6069300D9224@patpro.net> References: <349555.87646.qm@web120019.mail.ne1.yahoo.com> <3FF47F45-A59F-4542-A65E-6069300D9224@patpro.net> From: cronfy Date: Mon, 2 May 2011 10:41:59 +0400 Message-ID: To: freebsd-security@freebsd.org, gosand1982@yahoo.com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Re: limiting pop access to gmail servers ? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2011 07:12:32 -0000 Hi, > BUT, I suspect there are a LOT of possible IPs that google will use to po= p > mail > > from us ... > > You are right about that. According to my pop logs, my servers have > encounter about 1000 different IPs from google (920 actually). > Domain names are always like mail-[a-z][a-z][0-9]-[a-z][0-9][0-9]*. > google.com > By the way, I'm in europe, I'm not sure USA, Australia or Japan would see > the same gmail POP clients. > You can make active checks for incoming connections. If reverse DNS record is valid (ip -> resolves to name -> resolves to same ip) and it matches '.* google.com$' regexp, then it is Google. --=20 =D0=9E=D0=BB=D0=B5=D0=B3 =D0=9F=D0=B5=D1=82=D1=80=D0=B0=D1=87=D0=B5=D0=B2