[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Speaking of Stopping Spam
- Subject: RE: [cobalt-users] Speaking of Stopping Spam
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Tue Sep 16 12:47:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
DK> Date: Mon, 15 Sep 2003 21:08:21 -0400
DK> From: Dan Kriwitsky
DK> I think we need a method to make our servers authoritative
DK> for 64.94.110.0/24 in named somehow. (Not my field of
Actually, this isn't needed.
DK> expertise.) So that when Sendmail does it's thing and the
DK> sending domain resolves to 64.94.110.0/24 the mail will get
DK> rejected.
DK>
DK> Any ideas out there?
http://achurch.org/bind-verisign-patch.html
has a _very dirty_ hack for BIND8. Alas, it's hardcoded (15M TTL
could cause trouble), and BIND9 is totally different.
My thoughts are for resolvers to identify rogue IP addresses, and
keep them in a table. When a response contains an A RR matching
one of the rogues, rewrite the response to NXDOMAIN with the
TLD's SOA in the authority section... IOW, kludge the results to
what a legitimate gTLD server would return.
I began digging through BIND9 source last night, but it scares
me. I think I've identified the proper place to hack packets,
but haven't yet determined where to build a list of rogue IPs.
Normal work, including the OpenSSH fun, has kept me busy. :-/
Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
DO NOT send mail to the following addresses :
blacklist@xxxxxxxxx -or- alfra@xxxxxxxx -or- curbjmp@xxxxxxxx
Sending mail to spambait addresses is a great way to get blocked.