Security Basics mailing list archives

RE: Sorbs.net DNS Blacklist

From: "Jason Williams" <jwilliams () courtesymortgage com>
Date: Tue, 14 Mar 2006 09:59:17 -0800

The "proper" way to deal with this is to reject during the smtp

conversation, that way your mailserver will not generate the bounce
message and get stuck >in a blacklist.


<http://spamlinks.net/prevent-secure-backscatter.htm>



Very interesting. I did not know the ramifications that can occur from
backscatter. I appreciate the link.

Backscatter is bad, I hope you can find a way to fix your problem The

link explains it better than I can


Let me explain what I did, to make sure I don't contribute to the
problem.

I run a mailgateway, with Postfix, MailScanner and a couple of virus
scanners, plus spamassasin and other goodies.

I wrote a perl script that basically queries my domain controller and
pulls a list of legit employees who have email addresses. It updates the
file as needed (similar to what is posted above, but my setup is a
little different, so I needed to adjust it accordingly.) After that,
postmap the file, reload postfix, wallla. (Cron job runs nightly)

So as of 9:00am PST time, I have a relay_recipient list with only valid
users to accept email for. Anything that comes in with a non-legit email
address, gets rejected with a message explaining that the user is not a
valid email user.

Is that the correct way to do this? Any other caveats I should be aware
of?

Thanks



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

RE: Sorbs.net DNS Blacklist, (continued)
- - - RE: Sorbs.net DNS Blacklist Corey Watts-Jones (Mar 14)
  - RE: Sorbs.net DNS Blacklist David Gillett (Mar 13)
    - Re: Sorbs.net DNS Blacklist Dale Fay (Mar 13)
  - RE: Sorbs.net DNS Blacklist Dan Tesch (Mar 13)
  - Re: Sorbs.net DNS Blacklist John Mason Jr (Mar 13)
  - Re: Sorbs.net DNS Blacklist Devdas Bhagat (Mar 13)
- Re: Sorbs.net DNS Blacklist jfvanmeter (Mar 10)
- RE: Sorbs.net DNS Blacklist Beilin Zhang (Mar 10)
  - RE: Sorbs.net DNS Blacklist Joseph (Mar 13)
- RE: Sorbs.net DNS Blacklist Dan Denton (Mar 13)
- RE: Sorbs.net DNS Blacklist Jason Williams (Mar 14)
  - Re: Sorbs.net DNS Blacklist Devdas Bhagat (Mar 15)
- Re: RE: Sorbs.net DNS Blacklist souldream (Mar 15)
- RE: Sorbs.net DNS Blacklist Brad Berson (Mar 16)
- Re: Sorbs.net DNS Blacklist Cloy Tobola (Mar 21)
  - RE: Sorbs.net DNS Blacklist Jim Serino (Mar 21)
  - Re: Sorbs.net DNS Blacklist Devdas Bhagat (Mar 24)