VeriSign SMTP reject server updated
jlewis at lewis.org
Mon Sep 22 02:00:16 UTC 2003
On Sat, 20 Sep 2003, Avleen Vig wrote:
> > > We are interested in feedback on the best way within the SMTP protocol
> > > to definitively reject mail at these servers. One alternate option we
> > [snip]
>
> The correct "solution" is to remove the wildcarding.
> Until that happens, the best thing to do IS accept and then reject mail.
> This is significantly better than leaving it to expire in a spool after
> 5 days.
Did someone already suggest adding an MX to the * record that points to a
nonexistent host (obviously in some other TLD)? At least in my
environment (sendmail/bind9/Linux), I can set up a wildcard record with an
A record and an MX record pointing to a bogus host, and mail bounces
immediately.
550 5.1.2 <jlewis at nomail.wild.lewis.org>... Host unknown (Name server:
nomail.invalid.: host not found)
I think the whole wildcards in .com/.net is a bogus idea...but this sort
of setup would at least keep lots of mail from trying to get delivered to
VeriSlime. I've already had to fix one old SpamAssassin installation that
was scoring mail based on hits in one of the dorkslayers.com dnsbls that
no longer exists. It seems dorkslayers.com has decided to fix this by
registering some name servers again. Until recently, they'd taken the
name server records off the domain, and so VeriSlime had hijacked
dorkslayers.com, turning it and all its subzones into a 0/0 dnsbl.
modified: 2003-09-16 15:52:46 UTC JORE-1
----------------------------------------------------------------------
Jon Lewis *jlewis at lewis.org*| I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
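
An added illustration, not part of the original message: a small Python model of MX-then-A mail routing, showing why a wildcard with only an A record attracts mail while the same wildcard with an MX pointing at an unresolvable host bounces at once. The zone contents, the name `wild.example.` and the function names are constructed; the bounce text mirrors what the post reports for sendmail, and other MTAs may defer instead of rejecting.

```python
# Constructed zone data; names and addresses are illustrative placeholders.
ZONE_A_ONLY = {"*.wild.example.": {"A": ["192.0.2.1"]}}
ZONE_A_AND_MX = {
    "*.wild.example.": {"A": ["192.0.2.1"], "MX": [(10, "nomail.invalid.")]},
}

# Reply text modelled on the sendmail bounce quoted in the post.
BOUNCE = "550 5.1.2 Host unknown"


def lookup(zone, name, rtype):
    """Return records for name/rtype using a simplified wildcard match."""
    if name in zone:
        # The name exists: no wildcard synthesis, even if rtype is absent.
        return zone[name].get(rtype, [])
    labels = name.split(".")
    for i in range(1, len(labels) - 1):
        wild = "*." + ".".join(labels[i:])
        if wild in zone:
            return zone[wild].get(rtype, [])
    return []


def route_mail(zone, domain):
    """Decide where an MTA would try to deliver mail for `domain`."""
    mx = sorted(lookup(zone, domain, "MX"))
    if not mx:
        # No MX at all: implicit MX, fall back to the domain's A record.
        addrs = lookup(zone, domain, "A")
        return ("connect", addrs) if addrs else ("bounce", BOUNCE)
    # An MX exists, so the domain's own A record is never consulted.
    targets = [a for _, host in mx for a in lookup(zone, host, "A")]
    return ("connect", targets) if targets else ("bounce", BOUNCE)


if __name__ == "__main__":
    for label, zone in (("A only", ZONE_A_ONLY), ("A + MX", ZONE_A_AND_MX)):
        print(label, route_mail(zone, "nomail.wild.example."))
```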