North American Network Operators Group


Re: VeriSign SMTP reject server updated

  • From: jlewis
  • Date: Sun Sep 21 22:03:51 2003

On Sat, 20 Sep 2003, Avleen Vig wrote:

> > > We are interested in feedback on the best way within the SMTP protocol
> > > to definitively reject mail at these servers.  One alternate option we
> > [snip]
> 
> The correct "solution" is to remove the wildcarding.
> Until that happens, the best thing to do IS accept and then reject mail.
> This is significantly better than leaving it to expire in a spool after
> 5 days.

Did someone already suggest adding an MX to the * record that points to a 
nonexistent host (obviously in some other TLD)?  At least in my 
environment (sendmail/bind9/Linux), I can set up a wildcard record with an 
A record and an MX record pointing to a bogus host, and mail bounces 
immediately.

550 5.1.2 <[email protected]>... Host unknown (Name server:
nomail.invalid.: host not found)

I think the whole wildcards in .com/.net is a bogus idea...but this sort
of setup would at least keep lots of mail from trying to get delivered to
VeriSlime.  I've already had to fix one old SpamAssassin installation that
was scoring mail based on hits in one of the dorkslayers.com dnsbls that
no longer exists.  It seems dorkslayers.com has decided to fix this by
registering some name servers again.  Until recently, they'd taken the
name server records off the domain, and so VeriSlime had hijacked
dorkslayers.com, turning it and all its subzones into a 0/0 dnsbl.

modified:     2003-09-16 15:52:46 UTC JORE-1

----------------------------------------------------------------------
 Jon Lewis *[email protected]*|  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
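
An added sketch, not part of the original message, of the sender-side behaviour the post describes: with only a wildcard A record a sending MTA falls back to that address and attempts delivery, while a wildcard MX naming an unresolvable host in another TLD produces an immediate permanent failure. The zone contents, the 192.0.2.10 address, the function names and the simplified wildcard matching are assumptions made for illustration; `nomail.invalid` is the host named in the bounce above.

```python
# Constructed sample zones (illustrative data, not real registry contents).
WILDCARD_A_ONLY = {"*.com": {"A": ["192.0.2.10"]}}
WILDCARD_A_AND_MX = {"*.com": {"A": ["192.0.2.10"],
                               "MX": [(10, "nomail.invalid")]}}
# Same idea, but the MX target sits inside the wildcarded TLD.
WILDCARD_MX_SAME_TLD = {"*.com": {"A": ["192.0.2.10"],
                                  "MX": [(10, "nomail.com")]}}


def lookup(zone, name, rtype):
    """Return records for name/rtype, using a wildcard if no exact name exists.

    Simplified wildcard matching: the closest '*.suffix' entry wins.
    """
    name = name.rstrip(".").lower()
    if name in zone:
        return zone[name].get(rtype, [])  # exact owner name: no wildcard
    labels = name.split(".")
    for i in range(1, len(labels)):
        wild = "*." + ".".join(labels[i:])
        if wild in zone:
            return zone[wild].get(rtype, [])
    return []


def route_mail(zone, domain):
    """Sender-side decision: ('deliver', addresses) or ('bounce', reply)."""
    mx = sorted(lookup(zone, domain, "MX"))
    if not mx:
        # No MX at all: SMTP falls back to the domain's own address record.
        addrs = lookup(zone, domain, "A")
        if addrs:
            return ("deliver", addrs)
        return ("bounce", "550 5.1.2 Host unknown")
    # An MX exists, so the wildcard A record of the domain is never used.
    addrs = [a for _, host in mx for a in lookup(zone, host, "A")]
    if addrs:
        return ("deliver", addrs)
    return ("bounce", f"550 5.1.2 Host unknown ({mx[0][1]}.: host not found)")


if __name__ == "__main__":
    for label, zone in [("A only", WILDCARD_A_ONLY),
                        ("A + MX to other TLD", WILDCARD_A_AND_MX),
                        ("A + MX in same TLD", WILDCARD_MX_SAME_TLD)]:
        print(label, "->", route_mail(zone, "unregistered-typo.com"))
```

The third zone shows why the MX target has to live outside the wildcarded TLD: a target under `.com` would itself match the wildcard and resolve.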