Identifying residential CPE IP addresses? (was: SORBS on autopilot?)

Steven Champeon schampeo at hesketh.com
Tue Jan 12 20:59:01 UTC 2010


on Tue, Jan 12, 2010 at 02:59:55PM -0500, Jed Smith wrote:
>   4. For other reasons laid out in this thread, PTR is not the best choice.
>      Additionally, administrators of mailservers who have no idea what a PTR
>      is -- although their entry fee to the Internet mail system is debatable
>      it will not be discussed here -- are now punished by blocklists like
>      SORBS and Trend Micro with the simple crime of not knowing to PTR their
>      mail server with something that screams "static allocation, not CPE".

Mild correction: it's FAR BETTER to use something that screams

I AM A MAIL SERVER WITH A LEGITIMATE PURPOSE AND A COMPETENT ADMIN

rather than just using yet another generic static naming convention. :-)
Because using generic static naming is falling victim to the rather
baseless assumption that all statics should be allowed to send mail,
which is just ridiculous. We've got a /27 (we're a web app dev shop) and
only one of those IPs is a mail source, one is a NAT, one is a VPN box,
several others run Web servers and other services, and so could possibly
emit mail but likely only to us, and we can always whitelist if need be.
I assume that the case is similar in other organizations; their static
IPs far outnumber their canonical mail servers.

Of course, I asked for appropriate custom PTRs for all of them, but
still - the point stands, especially for those who think that generic
static PTRs are sufficient for a modern mail infrastructure. I don't
care who your ISP is, I care who you supposedly are, because if I see
that your mail server (or other hosts on your network) are infected,
compromised, or otherwise sources of abuse directed at my network, I
want to deal with /you/, not with your upstream's abuse desk triage.
 
>      I note, with a heavy hand, that there are no widely-disseminated
>      standards governing the reverse DNS of an Internet host other than this
>      draft, but administrators make decisions on it anyway.

On that and on a wide variety of other criteria, yes.
 
-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/
antispam news and intelligence to help you stop spam: http://enemieslist.com/
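
The distinction drawn in the message above, between provider-generated PTR names (generic "static" ones included) and custom names that identify a mail server, sketched as a heuristic classifier. This is an added example, not code from the original post or from enemieslist.com; the token lists, category names and sample hosts are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed token lists for illustration; tune them against your own mail logs.
MAIL_TOKENS = {"mail", "mx", "smtp", "mta", "relay"}
GENERIC_TOKENS = {"static", "dynamic", "dyn", "dhcp", "dsl", "cable",
                  "pool", "ppp", "cpe", "client", "customer"}
# Constructed samples (documentation address ranges, example domains).
SAMPLES = [("203.0.113.7", "static-203-0-113-7.example.net"),
           ("198.51.100.25", "25.100.51.198.dsl.example.net"),
           ("192.0.2.10", "c000020a.cpe.example.net"),
           ("192.0.2.25", "mail.example.com"),
           ("192.0.2.26", "vpn.example.com")]

def embeds_address(ip, host):
    """Heuristic: does the name encode the IPv4 address it points back to?"""
    octets = [int(o) for o in str(ipaddress.IPv4Address(ip)).split(".")]
    # All four octets packed as hex (c000020a) or zero-padded decimal.
    packed = ("".join(f"{o:02x}" for o in octets),
              "".join(f"{o:03d}" for o in octets))
    if any(p in host for p in packed):
        return True
    # Separate decimal fields: the last two octets both present, in any order.
    fields = Counter(int(n) for n in re.findall(r"\d+", host))
    return not (Counter(octets[2:]) - fields)

def tokens(labels):
    """Split labels on '-' and '_' and drop digits, so 'mx1' yields 'mx'."""
    return {re.sub(r"\d+", "", t) for l in labels for t in re.split(r"[-_]", l)}

def classify_ptr(ip, ptr):
    """Return 'none', 'generic', 'custom-mail' or 'custom-other'."""
    host = ptr.lower().rstrip(".")
    if not host:
        return "none"
    labels = host.split(".")
    if embeds_address(ip, host):
        return "generic"
    if tokens(labels[:1]) & MAIL_TOKENS:
        return "custom-mail"
    # Assumption: the last two labels are the registered domain.
    if tokens(labels[:-2]) & GENERIC_TOKENS:
        return "generic"  # a "static" label is still a provider-generated name
    return "custom-other"

if __name__ == "__main__":
    for ip, ptr in SAMPLES:
        print(f"{ip:15} {ptr:32} {classify_ptr(ip, ptr)}")
```

The "generic" result covers static and dynamic naming alike, matching the message's point that a static allocation alone says nothing about whether the host is a mail source.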




More information about the NANOG mailing list