Deny MX queries for dynamic IP pools

Peter Dambier peter at peter-dambier.de
Mon Feb 1 23:43:00 UTC 2010


Noel Butler wrote:
> Firstly, I feel this really belongs on mailops not bind list :)
> secondly...
> 
> On Mon, 2010-02-01 at 00:00 +0300, Wael Shaheen wrote:
> 
>> Blocking port 25 is much worse IMHO because it forces users out of the
>> service, by restricting their ability to use their own mail servers that can
>> be hosted externally. I believe good mail administrators will force SMTPS

Blocking DNS belongs here.

I don't think blocking DNS is a good idea. You are blocking access to
zones using strictly internal DNS that is not published but only AXFRed
and you are blocking alternative DNS. In germany alternative DNS is a
must as many ISPs are stumbling over their own feet when implementing or
testing censoring. Maybe some of the DNS blackouts here have been DNSSEC
as well.

Oh, how about DNSSEC?

How do you handle signatures?

And you are breaking dnsbl because dnsbl is DNS at an alternative
address. So some of your clients might accidently drop all mail
as spam and it takes long to find such a bug if somebody else
does maintain the mailer.

> 
> The bigger question is why are you not blocking, suspending, or
> terminating the accounts of those who you know are spamming, be it
> deliberate, or not (as the end result is the same)
> 
> Cheers
> 
> 

Cheers
Peter and Karin


-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
http://www.peter-dambier.de/
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
ULA= fd80:4ce1:c66a::/48



More information about the bind-users mailing list