On Wed, Dec 01, 2004 at 08:54:00AM -0800, John Hardin wrote:
> On Wed, 2004-12-01 at 03:30, Paul L Daniels wrote:
> > An interesting idea was floated by my eyeballs recently for combatting
> > invalid email (especially since zombie machines are now rather
> > prevalent), what if you could fingerprint the sending server and
> > (say) deny all Win XP/95/98 machines from sending to port 25 which
> > were not on your own domain.
> 
> Interesting idea. It sounds a little heavy to be doing for every inbound
> message, though, and it assumes that you're letting fingerprinting
> traffic out of your network - I, for example, block all NetBIOS and
> similar ports at my boundary, so fingerprinting wouldn't be useful.
> 
> However, this sounds like it might be useful in Spamassassin: attempt to
> contact the sender on port 25, and add a little to the spamminess score
> if the connection is refused or times out.
> 
> It might also be useful to try connecting to the backdoor ports for the
> better-known spam worms and add a few points if the connection succeeds.

There's no rule saying the sending computer has to be the one that 
receives replies for the mail sent too. You can have MX records set up to 
receive things sent from various machines. Think of the common virtual 
domain where the hosting company may receive mail on it and mail is sent 
from some other machine.

Verizon does some port 25 call-back stuff like this and it's horrid. 
Their support doesn't even understand it.

Paul's original idea has more merit, but home firewalls and firewall 
software may prevent that from being effective.

-- 
/*
Jason Philbrook   |   Midcoast Internet Solutions - Internet Access,
    KB1IOJ        |  Hosting, and TCP-IP Networks for Midcoast Maine
 http://f64.nu/   |             http://www.midcoast.com/
*/
