Re: post.office and mail blocking

Daryl Banttari ( daryl@2ndlevel.net )
Mon, 07 Apr 1997 21:38:22 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Dale E. Reed Jr.: "Re: radius : couln't open...."
Next message: Jeff Weiss: "Re: Is the inet-access list down?"
Maybe in reply to: Jeff Woods: "post.office and mail blocking"

Jeff Woods wrote:
>
> Daryl Banttari wrote a couple weeks back about a potential way to
> block spammers from post office using a mail forwarder, restricted
> DNS, and a filter.
>
> I don't think this would work, as then, NOBODY can send outbound mail
> not just outsiders, but even those I want to (since we're blocking
> port 25 on the real mail server, and the "outside one" can't send it
> on.
>
> Daryl, could you elaborate about how this might work?

OK, we have this scenario:
Router at x.x.x.1, blocks all TCP-SYN inbound to x.x.x.3:25
Crippled Mailer [CM] at x.x.x.2, NO DNS ABILITIES WHATSOEVER (see below)
Real Mailer [RM] at x.x.x.3, normal config
DNS MX records for all domains point to x.x.x.2
CM has a HOSTS entry for all domains supported by RM

We have four situations to look at:

1. Sending Mail: Hosts inside the router (including dialup) connect to
RM normally (tell them to configure pop3.foo.com [pointing to x.x.x.3]
for both receiving and sending mail); RM acts as smart mailer and sends
mail to destination host normally. (note that router is only blocking
inbound TCP-SYN connection requests, not reply TCP-XSYN packets that are
for existing connections.)

2. Receiving Valid Mail: MX points to mail.foo.com [the CM, x.x.x.2].
CM receives mail, but doesn't think it should handle this mail. Tries
to do an MX lookup for foo.com; that fails. CM then attempts to lookup
an "A" record for foo.com, finds "x.x.x.3 foo.com" out of its hosts
file. CM then forwards mail to x.x.x.3 where mail server stores or
processes normally.

3. Receiving Spam Mail to RM: SMTP connection is blocked at router.

4. Receiving Spam Mail to CM: CM receives mail, then attempts for
forward to destination address elsewhere on the net (user@bar.com). CM
knows it is not the mail host for bar.com (in fact, it doesn't think
it's the mail host for any domain) so it attempts to forward the mail to
bar.com. MX lookup fails (because DNS is disabled), and the mailer
can't find an A record or HOSTS entry for the domain, so the mail is
discarded. Be sure to tell CM to delete undeliverable mail.

Did I miss anything?

If not, send beer to:
Daryl Banttari
170 Windsor Lane
New Brighton, MN 55112

(just kidding)

Daryl

-- +|Daryl S. Banttari, CNE|mailto:daryl@2ndlevel.net|http://www.2ndlevel.net/daryl|"Talk does not cook rice" - Chinese proverb|'Good things come to those who wait, but only the things left by | those who hustle.' - Abe Lincoln|'A candle loses nothing by lighting another candle' - Fr. James Keller|'There is a diminishing return on caution' - Me+

Previous message: Dale E. Reed Jr.: "Re: radius : couln't open...."
Next message: Jeff Weiss: "Re: Is the inet-access list down?"
Maybe in reply to: Jeff Woods: "post.office and mail blocking"