Security Basics mailing list archives

RE: Final Words on "Educating RDNS violators" - Debunking the Myths


From: "LordInfidel" <LordInfidel () directionweb com>
Date: Fri, 3 Sep 2004 15:36:29 -0400

I knew full well that I was not going to change your mind, or the minds of other staunch defenders of RDNS.  That was never 
my intent; I was merely presenting the facts to the list as they appear in the RFCs.  If you or others wish to violate 
the RFC, then that is your choice.

Think about this though: if you are able to relay mail through your ISP's SMTP server, which most ISPs allow you to do, 
then why run your own outbound SMTP server?  That does not make sense.

The answer is, while most ISPs will allow their customers to relay mail through their servers, they will only allow mail 
from their (the ISP's) domain name space.

Meaning, if you are hosting your own domain name or want to send from a domain other than your ISP's, you can't. 
Assuming I was an AOL customer, I can't send mail as directionweb.com through AOL's SMTP server.

When you say, *properly configured*, that was one of the myths I was dispelling (myth is a more polite term than 
'blatant misinformation').  RDNS is not a requirement for SMTP transmissions, which is why I came down on you and 
other supporters of RDNS.

The RFCs are there for a reason; people smarter than you and I have a deep understanding of the way the net is 
supposed to work, and we should obey those guidelines that they have set forth.  If you don't like the way the RFC is 
written though, make a request to change it (http://www.ietf.org/join.html), but don't disobey it and make claims that 
what you are saying is correct.

There are only 2 requirements for an SMTP server to identify itself: 1) a FQDN that maps to a valid IP or 2) a valid IP.

To give you an example, an SMTP server (called homey) located in a private domain called bunk.local cannot advertise its 
FQDN as homey.bunk.local to remote SMTP servers.  This is because the root domain in this case, .local, is not a valid 
domain and cannot be routed on the net.  homey has 2 options to send out mail: change its advertised name in the HELO 
response it gives to other SMTP servers, or send an IP in place of a FQDN.

On the note of AV, a better practice for virus protection is to use AV at the gateway and to employ extension blocking 
which sends any blocked extensions into a quarantined area.  This still allows the flow of legitimate e-mail, while 
removing the end users' direct access to harmful files.  If a file that was blocked is legit, it can still be retrieved 
out of quarantine instead of being permanently lost.

[ I hate to bring this up, but as a matter of semantics, there is no small r in RDNS; I had hoped that by correcting it 
in my posts that everyone else would catch on.  In fact RDNS is not even technically correct, since in RFC 2317, which 
governs it, reverse is written out in the proper, "Reverse", and pre-pended to the proper "DNS" to form "Reverse DNS", 
while "rdns" is never mentioned.

Reverse DNS, RDNS or rdns are found in other RFCs referencing it (Reverse DNS), but never rDNS (at least none that I 
have come across, so there is still a chance I am wrong, and I have read a lot of the RFCs).  But when network engineers 
typically correspond with their peers, it is usually RDNS, using the relation of the capital R in Reverse found in RFC 
2317 as a guideline.  Since it is safe to assume that if the architects did not intend Reverse to be proper, the same 
as DNS, then they would have written it as 'reverse DNS'.]

LordInfidel

-----Original Message-----
From: Derek Schaible [mailto:dschaible () cssiinc com]
Sent: Friday, September 03, 2004 9:16 AM
To: security-basics () securityfocus com
Cc: LordInfidel
Subject: Re: Final Words on "Educating RDNS violators" - Debunking the Myths


On Tue, 2004-08-31 at 17:38, LordInfidel () directionweb com wrote:

Spam is a nuisance and there is a legitimate need to stop it.  Implementing
RDNS is not the answer, at least not yet.  I say not yet, because it
requires *ALL* ISPs, globally, to allow their customers to register
their (ISP customer) mail server's IP address into RDNS, regardless of whether you are
a home DSL/cable user or a business, for it to work.

Actually, this is incorrect. 

It only requires that all ISPs provide their customers with an SMTP
server that has proper rDNS configured. You can still run an SMTP server
from whatever location: home/office - cable/DSL. You only need to use
your ISP's properly configured-for-rDNS SMTP server as a mail gateway.

This is why I say there are options at your disposal for getting around
your lack of rDNS control. You do have options, it's not a
false-dilemma.

OK, I really am finished with this thread now.
-- 
Derek Schaible <dschaible () cssiinc com>
CSSI, Inc.
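As an added illustration of the two HELO identities the post describes (code written for this page, not from either poster or the list), a small Python checker classifies a HELO/EHLO argument as an FQDN or an address literal, flags names such as homey.bunk.local, and optionally confirms that an FQDN forward-resolves to the connecting address without consulting reverse DNS at all. The resolver table, host names and addresses are constructed.

```python
import ipaddress
import re
from typing import Callable, List, Tuple

# Hostname label per RFC 1123: alphanumerics and hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
# Special-use top-level names that never route on the public Internet (RFC 6761/6762);
# ".local" is the case the thread discusses.
_NON_ROUTABLE_TLDS = {"local", "localhost", "invalid", "example", "test"}
# Constructed forward-DNS table standing in for a real resolver (hypothetical names/IPs).
_FAKE_A = {"mail.example.net": ["192.0.2.10"], "mx.example.org": ["198.51.100.7"]}


def classify_helo(arg: str) -> Tuple[str, str]:
    """Return ('fqdn' | 'literal' | 'invalid', reason) for a HELO/EHLO argument.
    RFC 2821 allows exactly two forms: a fully qualified domain name or an address
    literal such as [192.0.2.10]; a bare host name or homey.bunk.local is neither."""
    if arg.startswith("[") and arg.endswith("]"):
        try:
            ipaddress.ip_address(arg[1:-1])
        except ValueError:
            return "invalid", "malformed address literal"
        return "literal", "address literal"
    labels = arg.rstrip(".").split(".")
    if len(labels) < 2:
        return "invalid", "not fully qualified (no domain part)"
    if not all(_LABEL.match(lbl) for lbl in labels):
        return "invalid", "bad hostname label"
    if labels[-1].lower() in _NON_ROUTABLE_TLDS:
        return "invalid", f"non-routable top-level domain .{labels[-1]}"
    return "fqdn", "fully qualified domain name"


def assess_helo(arg: str, client_ip: str,
                resolve_a: Callable[[str], List[str]]) -> Tuple[str, str]:
    """Return ('ok' | 'mismatch' | 'invalid', reason) for logging or spam scoring.
    Only a forward (A) lookup is used, never a PTR record, so a sender with no reverse
    DNS still gets 'ok'.  RFC 2821 section 4.1.4 says a HELO/address mismatch MUST NOT
    by itself be grounds for refusing the message: 'mismatch' is a score, not a reject."""
    kind, why = classify_helo(arg)
    if kind == "invalid":
        return "invalid", why
    if kind == "literal":
        same = ipaddress.ip_address(arg[1:-1]) == ipaddress.ip_address(client_ip)
        return ("ok" if same else "mismatch"), "address literal compared to peer address"
    if client_ip in resolve_a(arg.rstrip(".").lower()):
        return "ok", "FQDN forward-resolves to the connecting address"
    return "mismatch", "FQDN does not forward-resolve to the connecting address"


def lookup_a(name: str) -> List[str]:
    """Resolver stub over the constructed table; a real deployment would query DNS here."""
    return _FAKE_A.get(name, [])
```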


