Date: Wed, 3 Feb 1999 23:14:48 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: jooji@webnology.com (Jasper O'Malley)
Cc: tlambert@primenet.com, onemo@jps.net, billf@chc-chimes.com, cschuber@uumail.gov.bc.ca, freebsd-chat@FreeBSD.ORG
Subject: Re: ports/9864: make rblcheck use relay.orbs.org instead of
Message-ID: <199902032314.QAA09330@usr08.primenet.com>
In-Reply-To: <Pine.LNX.4.02.9902031537040.17355-100000@mercury.webnology.com> from "Jasper O'Malley" at Feb 3, 99 03:40:13 pm
> > Then AOL will not accept mail from them, because the reverse name
> > doesn't match the forward name.
>
> How do you figure? If I've got dialup1.me.com at 192.168.2.1,
> dialup2.me.com at 192.168.2.2, and mail.customer.com at 192.168.2.3, why
> wouldn't forward and reverse DNS match?

Here's how AOL works:

	CONNECT
		peer = gethostbyaddr( getpeername())
			peer = dialup1.me.com
	HELO bob.com
		helo = bob.com
		if helo != peer
			525 No SPAM for you
	MAIL FROM:<friend@public.com>
		from_user = friend
		from_domain = public.com
		if !substring( from_domain, peer)
			525 No SPAM for you
		my_name = gethostname()
		canon_name = gethostbyname( my_name)
		if from_domain != canon_name
			if to_domain != canon_name
				525 No RELAY for you

This is basically how everyone will work, sooner or later, barring
use of identity certificates that can be DNS validated and are signed
by an authority contractually bound to not sign them for SPAM'mers
(the real be-all, end-all solution for SPAM).

If you *statically* assign IP's, *AND* you correctly set up the
reverse mapping to point to the domain name, then it will make it
through the gauntlet.

If, however, you assign dynamic IP's and you either *don't* use DDNS
to set up a correct reverse record matching the domain, or you buy
from a POP provider (like PSINet) such that you *can't* use DDNS to
set up a correct reverse record matching the domain, then you are
screwed.

The way to unscrew yourself is to act as a relay for your customers
with dialup accounts for which the reverse mapping doesn't match, and
to enforce an AUP such that if one of your customers abuses the relay,
they lose access (otherwise, you are a SPAM-friendly ISP and your mail
relay server will be RBL'ed).

Basically all ISP's outgrow their allocable static IP address space,
eventually, if they are successful in growing over time, and so they
all get to the point where they have to assign dynamic IP's instead
of giving out static IP's.

					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
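
The three tests in the message's pseudocode, as an added Python sketch that is not part of the original message and not AOL's code. The PTR table, CANON_NAME and the Session type are constructed for illustration; the strict option goes beyond the message by matching the sender domain on a DNS label boundary, since a plain substring test also accepts a domain that merely appears inside the peer name.

```python
from dataclasses import dataclass

# Constructed PTR table standing in for gethostbyaddr(); the addresses are
# the ones quoted in the thread.
PTR = {"192.168.2.1": "dialup1.me.com", "192.168.2.3": "mail.customer.com"}
CANON_NAME = "example.net"  # assumed canonical name of the receiving server

@dataclass
class Session:
    peer_ip: str
    helo: str
    mail_from: str
    rcpt_to: str

def domain_of(addr):
    """Domain part of an envelope address such as <friend@public.com>."""
    return addr.strip("<>").rpartition("@")[2].lower()

def in_peer(from_domain, peer, strict):
    if not strict:
        return from_domain in peer  # plain substring, as in the message
    # Added variant: accept only a match on a DNS label boundary.
    return peer == from_domain or peer.endswith("." + from_domain)

def check(s, strict=False):
    """Apply the three tests from the message; return (code, text)."""
    peer = PTR.get(s.peer_ip, "")  # no PTR record means no peer name
    if not peer or s.helo.lower() != peer:
        return 525, "No SPAM for you"
    from_domain = domain_of(s.mail_from)
    if not from_domain or not in_peer(from_domain, peer, strict):
        return 525, "No SPAM for you"
    if from_domain != CANON_NAME and domain_of(s.rcpt_to) != CANON_NAME:
        return 525, "No RELAY for you"
    return 250, "OK"

if __name__ == "__main__":
    # Constructed sessions: the dialup case from the message, then a host
    # whose reverse name carries the sender's domain.
    for s in (
        Session("192.168.2.1", "bob.com", "<friend@public.com>", "<u@example.net>"),
        Session("192.168.2.3", "mail.customer.com", "<joe@customer.com>", "<u@example.net>"),
        Session("192.168.2.3", "mail.customer.com", "<joe@customer.com>", "<x@elsewhere.org>"),
    ):
        print(s.peer_ip, s.helo, check(s))
```
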