On 27 May 2014, at 13:19, James B. Byrne <byrn...@harte-lyne.ca> wrote:

> Without going into a lot of detail and without naming names I wish to know if,
> at the time of connection to Postfix, there exists any feasible means of
> determining the registrar used by the connecting domain?

Not really.

Even if you wrote a milter or local rbl and used something like greylisting to 
give you time to do the lookups, you would probably run into problems with 
making many whois queries. Not only that, but every registrar seems to return 
info in different forms, so parsing the data will be difficult.

> As well, I would like to know is there any practical means of determining at 
> the time of smtp connection by direct enquiry of a registrar when the 
> connecting domain was registered and block all connections from all 
> non-whitelisted domains registered within the past N days?

Same problem.

> I am aware of the 'Day Old Bread' RBL / Greylist is used by SpamAssassin but
> after some investigation I have come to the belief that a registrar is in fact
> behind the latest spam attack we have encountered. Our experience is that by
> the time DOB is updated the domain is no longer generating mail at all.  Given
> the remote possibility that any domain registered with that registrar would
> ever have a legitimate reason to contact us I wish to simply deny access to
> our servers from any domain registered with them.  Given the equal
> implausibility of a newly registered domain having any legitimate need I wish
> also to block these.

You could modify a greylist setup to keep track of domains sending you mail and 
not allow a new domain for x days if you've never seen them before. I doubt 
this is a good idea, but you could certainly investigate it.

-- 
Dinosaurs are attacking! Throw a barrel!
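
The first-seen hold suggested in the reply above, sketched as a Postfix policy delegate (the attribute=value protocol used by check_policy_service). This is an added example, not code from the thread or from Postfix; keying on the envelope sender domain, the 3-day hold, and the in-memory store are assumptions.

```python
import sys
import time

HOLD_DAYS = 3  # assumption: stands in for the "x days" in the post

def sender_domain(attrs):
    """Lower-cased envelope sender domain, or None for the null sender."""
    sender = attrs.get("sender", "")
    if "@" not in sender:
        return None
    return sender.rsplit("@", 1)[1].lower().rstrip(".")

def decide(attrs, first_seen, whitelist, now, hold_days=HOLD_DAYS):
    """Return a Postfix policy action; records first contact in first_seen."""
    dom = sender_domain(attrs)
    if dom is None or dom in whitelist:
        return "dunno"                      # let later restrictions decide
    seen = first_seen.setdefault(dom, now)  # remember when we first saw it
    if now - seen < hold_days * 86400:
        # Temporary failure: a legitimate sender's MTA will retry.
        return "defer_if_permit Sender domain not yet known here"
    return "dunno"

def parse_request(lines):
    """Read name=value lines up to the blank line that ends a request."""
    attrs = {}
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            break
        key, _, value = line.partition("=")
        attrs[key] = value
    return attrs

def serve(stdin=sys.stdin, stdout=sys.stdout):
    first_seen = {}    # assumption: in-memory only; use a persistent store
    whitelist = set()  # assumption: domains exempt from the hold
    while True:
        attrs = parse_request(iter(stdin.readline, ""))
        if not attrs:
            break      # EOF from Postfix
        action = decide(attrs, first_seen, whitelist, time.time())
        stdout.write("action=%s\n\n" % action)
        stdout.flush()

if __name__ == "__main__":
    serve()
```

The envelope sender is supplied by the client and can be forged, so this tracks what a domain claims, not who registered it.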
