From owner-freebsd-chat Wed Feb 3 15:15:21 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA13227 for freebsd-chat-outgoing; Wed, 3 Feb 1999 15:15:21 -0800 (PST) (envelope-from owner-freebsd-chat@FreeBSD.ORG)
Received: from smtp01.primenet.com (smtp01.primenet.com [206.165.6.131]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA13221 for ; Wed, 3 Feb 1999 15:15:18 -0800 (PST) (envelope-from tlambert@usr08.primenet.com)
Received: (from daemon@localhost) by smtp01.primenet.com (8.8.8/8.8.8) id QAA11901; Wed, 3 Feb 1999 16:15:08 -0700 (MST)
Received: from usr08.primenet.com(206.165.6.208) via SMTP by smtp01.primenet.com, id smtpd011750; Wed Feb 3 16:15:05 1999
Received: (from tlambert@localhost) by usr08.primenet.com (8.8.5/8.8.5) id QAA09330; Wed, 3 Feb 1999 16:14:49 -0700 (MST)
From: Terry Lambert
Message-Id: <199902032314.QAA09330@usr08.primenet.com>
Subject: Re: ports/9864: make rblcheck use relay.orbs.org instead of
To: jooji@webnology.com (Jasper O'Malley)
Date: Wed, 3 Feb 1999 23:14:48 +0000 (GMT)
Cc: tlambert@primenet.com, onemo@jps.net, billf@chc-chimes.com, cschuber@uumail.gov.bc.ca, freebsd-chat@FreeBSD.ORG
In-Reply-To: from "Jasper O'Malley" at Feb 3, 99 03:40:13 pm
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > Then AOL will not accept mail from them, because the reverse name
> > doesn't match the forward name.
>
> How do you figure? If I've got dialup1.me.com at 192.168.2.1,
> dialup2.me.com at 192.168.2.2, and mail.customer.com at 192.168.2.3, why
> wouldn't forward and reverse DNS match?

Here's how AOL works:

	CONNECT
		peer = gethostbyaddr( getpeername())
			peer = dialup1.me.com
	HELO bob.com
		helo = bob.com
		if helo != peer
			525 No SPAM for you
	MAIL FROM:
		from_user = friend
		from_domain = public.com
		if !substring( from_domain, peer)
			525 No SPAM for you
		my_name = gethostname()
		canon_name = gethostbyname( my_name)
		if from_domain != canon_name
			if to_domain != canon_name
				525 No RELAY for you

This is basically how everyone will work, sooner or later, barring
use of identity certificates that can be DNS validated and are signed
by an authority contractually bound to not sign them for SPAM'mers
(the real be-all, end-all solution for SPAM).

If you *statically* assign IP's, *AND* you correctly set up the
reverse mapping to point to the domain name, then it will make it
through the gauntlet.

If, however, you assign dynamic IP's and you either *don't* use DDNS
to set up a correct reverse record matching the domain, or you buy
from a POP provider (like PSINet) such that you *can't* use DDNS to
set up a correct reverse record matching the domain, then you are
screwed.

The way to unscrew yourself is to act as a relay for your customers
with dialup accounts for which the reverse mapping doesn't match, and
to enforce an AUP such that if one of your customers abuses the relay,
they lose access (otherwise, you are a SPAM-friendly ISP and your mail
relay server will be RBL'ed).

Basically all ISP's outgrow their allocable static IP address space,
eventually, if they are successful in growing over time, and so they
all get to the point where they have to assign dynamic IP's instead
of giving out static IP's.

					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
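
The CONNECT / HELO / MAIL FROM checks sketched in the message above, written out as a runnable Python example that is added here and is not part of the original post or any real mail server's code. The DNS tables, the local domain isp.example, the function names and the reply texts are assumptions made for the illustration; it also requires the PTR name to resolve forward to the connecting address, which is the forward/reverse match the quoted question is about.

```python
# Constructed DNS data for the example; not real records.
PTR = {"192.168.2.1": "dialup1.me.com", "192.168.2.3": "mail.customer.com",
       "192.168.2.9": "mail.customer.com"}   # .9 has a PTR but no matching A
A = {"dialup1.me.com": {"192.168.2.1"}, "mail.customer.com": {"192.168.2.3"}}
LOCAL_DOMAIN = "isp.example"   # hypothetical domain this server accepts mail for


def norm(name):
    """Lower-case a DNS name and drop any trailing dot."""
    return name.rstrip(".").lower()


def confirmed_peer(ip):
    """Return the PTR name only if that name resolves forward to the same IP."""
    name = norm(PTR.get(ip, ""))
    return name if ip in A.get(name, set()) else None


def domain_of(address):
    """Domain part of an envelope address such as <friend@public.com>."""
    return norm(address.strip("<> ").rpartition("@")[2])


def check_session(ip, helo, mail_from, rcpt_to):
    """Apply the post's checks in order and return the SMTP reply."""
    peer = confirmed_peer(ip)
    if peer is None:
        return "525 reverse and forward DNS do not match"
    if norm(helo) != peer:
        return "525 HELO does not match peer"
    from_domain = domain_of(mail_from)
    # The post uses substring(); matching on a label boundary instead keeps
    # "e.com" from being accepted for the peer "dialup1.me.com".
    if peer != from_domain and not peer.endswith("." + from_domain):
        return "525 sender domain does not match peer"
    # Relay rule from the post: sender or recipient must be local.
    if from_domain != LOCAL_DOMAIN and domain_of(rcpt_to) != LOCAL_DOMAIN:
        return "525 relaying denied"
    return "250 OK"
```
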