9 messages in net.sourceforge.lists.courier-users: RE: [courier-users] Email hijacking

Messages in this thread (From, Sent On):
tros...@juniper.net, Aug 19, 2003 5:01 pm
Mitch (WebCob), Aug 19, 2003 9:39 pm
Mark Trostler, Aug 19, 2003 10:57 pm
James A Baker, Aug 19, 2003 11:16 pm
Mitch (WebCob), Aug 20, 2003 12:44 am
Theo Cabrerizo Diem, Aug 20, 2003 1:29 am
list...@serv.ch, Aug 20, 2003 6:51 am
Mark Trostler, Aug 21, 2003 8:10 pm
Mitch (WebCob), Aug 21, 2003 8:57 pm
Subject: RE: [courier-users] Email hijacking
From: Mitch (WebCob) (mit@webcob.com)
Date: Aug 19, 2003 9:39:44 pm
List: net.sourceforge.lists.courier-users

Very simply, I don't think it would work - requiring the mail to be SENT from the server that is used to RECEIVE mail for a domain is not part of any spec I am aware of - in fact many people I know, including myself, separate sending functions from receiving functions - not to mention the confusion caused when servers like courier, which virtual host, send mail for hundreds of domains from a single IP (with a single reverse lookup).

IF you could implement this, you would only end up rejecting mail that you probably want, and wouldn't fix the fact that other people are abusing your domain elsewhere cause you can't make them run your MTA of choice.

In a perfect world, better security would be built into a lot of protocols - it's shoe-horning it into them after they are in use that's a challenge.

m/

-----Original Message-----
From: cour@lists.sourceforge.net [mailto:cour@lists.sourceforge.net] On Behalf Of tros@juniper.net
Sent: Tuesday, August 19, 2003 2:42 PM
To: cour@lists.sourceforge.net
Subject: [courier-users] Email hijacking

After having email addresses in my domains hijacked (both users that exist & those that don't) left, right, and center I can't take it anymore! Is it possible/insane to have esmtpd (& any other MTA) do a reverse DNS check on the MAIL FROM address to ensure that the domain specified there matches the domain of the sending machine? I don't care if it takes a couple extra seconds to do that check, endless email hijacking is totally ridiculous & HAS to stop. I'm sick of seeing zillions of bounces from spam emails no one in my domain ever sent. So someone please tell me what's so horrible about:

1. client connects & sends MAIL FROM address
2. server reverse DNSs the client's IP
3. if the domain doesn't match the domain in the FROM address or the IP is not resolvable the email is rejected

OR

1. client connects & sends MAIL FROM address
2. server DNSs the MX record for the domain in the FROM address
3. if the IP of the client does NOT match one of the MX records for that domain the email is rejected. If domains want to allow machines other than their mail servers to be able to send emails using their domain they can add them with a very high MX priority so they never actually get used as a mail server BUT do show as legitimate sources of mail traffic for that domain

of course everyone across the internet would have to do this BUT if they DID then we REALLY cut down on spam - & virtually totally eliminate email hijacking.

Again who really cares about the extra 1 second or so the DNS lookups will take - & of course most likely they're cached locally anyway after the first hit.

Currently our mail infrastructure is setup to first accept and THEN see if there's something wrong with the message - HOWEVER with the tidal wave of spam that now is more numerous than legit email this paradigm needs to be switched: email should first be REJECTED UNLESS there's compelling reasons to be accepted...

Of course these same checks could also be done on the 'From:' & 'Reply-To:' headers - which I also think is a good idea but requires more intervention & maybe someone has a problem with looking into the headers BUT with spam being WAY out of control we gotta take more serious steps to stem the tide.

whatcha'll think?

Mark
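The two checks Mark proposes above, and the failure Mitch points out, are easy to see when run side by side. The block below is an added example written for this page; it is not code from Courier's esmtpd and not something either poster wrote. DNS is replaced by constructed in-memory tables (every hostname, address and MX record is made up), so it runs offline. It exempts the null sender (MAIL FROM:<>) from both checks, which is an assumption of this example: bounces carry no domain to compare, and rejecting them outright would break delivery reports. The "shared.hoster.example" case is Mitch's objection: a virtual-hosting box with one PTR name sends for many domains and fails the reverse-DNS check even though the mail is legitimate, while the high-preference MX entry for out.example.com shows Mark's trick working under the MX check. (The idea of publishing a domain's authorised senders in DNS was later standardised as SPF, which uses a TXT record rather than MX entries.)

```python
# Added example: simulation of the two MAIL FROM checks proposed in the thread.
# Not Courier code. All DNS data below is constructed for the demonstration.

PTR = {  # client IP -> reverse name
    "192.0.2.10": "mx1.example.com",          # example.com inbound MX
    "192.0.2.20": "out.example.com",          # example.com separate outbound relay
    "198.51.100.5": "shared.hoster.example",  # one box sending for many hosted domains
}
MX = {  # domain -> [(preference, host)]
    "example.com": [(10, "mx1.example.com"), (50, "out.example.com")],  # 50: never used for delivery
    "tiny.example": [(10, "shared.hoster.example")],
    "other.example": [(10, "mx.other.example")],
}
A = {  # host -> IPv4 address
    "mx1.example.com": "192.0.2.10",
    "out.example.com": "192.0.2.20",
    "shared.hoster.example": "198.51.100.5",
    "mx.other.example": "203.0.113.9",
}


def sender_domain(mail_from):
    """Domain part of a MAIL FROM argument, lowercased; '' for the null sender <>."""
    addr = mail_from.strip().strip("<>")
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower()


def check_ptr(client_ip, mail_from):
    """Proposal 1: the client's reverse name must lie in the MAIL FROM domain.

    Returns (accept, reason). Null sender exempted (assumption, see lead-in).
    """
    domain = sender_domain(mail_from)
    if not domain:
        return True, "null sender, nothing to compare"
    name = PTR.get(client_ip)
    if name is None:
        return False, "no PTR for %s" % client_ip
    name = name.lower()
    if name == domain or name.endswith("." + domain):
        return True, "PTR %s is under %s" % (name, domain)
    return False, "PTR %s is not under %s" % (name, domain)


def check_mx(client_ip, mail_from):
    """Proposal 2: the client IP must be the address of one of the domain's MX hosts.

    Every preference value counts, so a deliberately high-preference MX that is
    never chosen for delivery still authorises its host as a sender.
    """
    domain = sender_domain(mail_from)
    if not domain:
        return True, "null sender, nothing to compare"
    hosts = MX.get(domain)
    if not hosts:
        return False, "no MX for %s" % domain
    for _pref, host in hosts:
        if A.get(host.lower()) == client_ip:
            return True, "%s is MX host %s of %s" % (client_ip, host, domain)
    return False, "%s is not an MX host of %s" % (client_ip, domain)


def verdicts(cases):
    """Run both checks over (client_ip, mail_from) pairs -> {label: (ptr_ok, mx_ok)}."""
    return {"%s from %s" % (mf, ip): (check_ptr(ip, mf)[0], check_mx(ip, mf)[0])
            for ip, mf in cases}


if __name__ == "__main__":
    CASES = [
        ("192.0.2.10", "<alice@example.com>"),   # legitimate, sent from the MX itself
        ("192.0.2.20", "<alice@example.com>"),   # legitimate, sent from the outbound relay
        ("198.51.100.5", "<bob@tiny.example>"),  # legitimate, shared hoster (Mitch's case)
        ("203.0.113.9", "<alice@example.com>"),  # forged sender from another domain's host
        ("192.0.2.10", "<>"),                    # bounce
    ]
    for label, (ptr_ok, mx_ok) in verdicts(CASES).items():
        print("%-40s ptr=%-5s mx=%s" % (label, ptr_ok, mx_ok))
```

Run as a script it prints one line per case. The forged message from 203.0.113.9 is rejected by both checks, which is the outcome Mark wants; the shared-hoster message is rejected by the PTR check and accepted by the MX check, which is exactly the legitimate mail Mitch says proposal 1 would throw away.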