[SPAM] Limiting MX Requests

Mark Andrews marka at isc.org
Wed Feb 10 22:30:16 UTC 2010


In message <935D61D3C7D68E47A5BA4E1D90AB5996CABEA78F3C at NSAOSV0019.netservicos.corp>, Marcelo Batista Sarmento writes:
> Hi,
> 
> Having a lot of trouble with spam here. When we check the DNS for MX queries,
> more than 95% come from what we believe to be compromised customers' machines.

Well, quarantine the machines.  Leaving compromised machines on the net does
no one, not even your customers, a service.
 
> Educating the customers takes time, so we are thinking about a way to limit
> the number of allowed MX requests by adding some sort of throttle control
> on Named.

This falls squarely into the "stupid DNS tricks" category.

There are MUAs that make MX, A and AAAA queries before initiating
the SMTP connection to verify addresses.

The code will most probably continue on to performing A and AAAA
queries to create implicit MX records rather than explicit MX
records.
 
> We already started to code it, but there is an internal discussion here about
> what should be the best entry point to intercept these MX queries (I think
> client.c is the best candidate).

Do you want to block the query or the positive response?
Do you want to send all the traffic through a filtering box using fake MX
records (this falls squarely into the stupid dns tricks category).

Answering questions like these will decide where you do the filtering.

Are there alternatives to mucking with the DNS?

Is it better to just add an intercepting filtering proxy?
Is it better to just block port 25 with manual exclusion?

Mark
> Would like to hear from you some comments on it.
> 
> Regards,
> 
> 
> Marcelo Sarmento
> Infra Estrutura - Virtua
> Net Serviços de Comunicação
> +55 11 2111 2918
> +55 11 9267 2618 (Mobile)
> msarmento at netservicos.com.br


-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
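
An added example, not part of the original message and not BIND code: one way to build the list of machines to quarantine, by counting per-client MX lookups in a resolver query log and excluding known mail servers by hand. The log lines are constructed in the style of a BIND 9 query log, and `mx_heavy_clients`, `min_domains` and `known_mtas` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of a BIND 9 query log; field layout
# differs between versions, so adjust LINE_RE to match your own logs.
SAMPLE_LOG = """\
10-Feb-2010 22:30:01.101 client 192.0.2.10#40001: query: a.example IN MX +
10-Feb-2010 22:30:01.150 client 192.0.2.10#40002: query: b.example IN MX +
10-Feb-2010 22:30:01.210 client 192.0.2.10#40003: query: c.example IN MX +
10-Feb-2010 22:30:01.300 client 192.0.2.10#40004: query: d.example IN MX +
10-Feb-2010 22:30:02.000 client 192.0.2.20#51000: query: www.example IN A +
10-Feb-2010 22:30:02.400 client 192.0.2.20#51001: query: a.example IN MX +
10-Feb-2010 22:30:03.000 client 192.0.2.25#33000: query: a.example IN MX +
10-Feb-2010 22:30:03.100 client 192.0.2.25#33001: query: b.example IN MX +
10-Feb-2010 22:30:03.200 client 192.0.2.25#33002: query: c.example IN MX +
10-Feb-2010 22:30:03.300 client 192.0.2.25#33003: query: e.example IN MX +
this line is not a query record
"""

LINE_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+.*?: query: "
    r"(?P<name>\S+) \S+ (?P<qtype>\S+)"
)

def mx_heavy_clients(log_text, min_domains=3, known_mtas=frozenset()):
    """Return [(client_ip, mx_queries, distinct_mx_names)] for clients that
    asked for the MX of at least min_domains different names, skipping
    hosts in known_mtas (legitimate mail servers, excluded manually)."""
    mx_count = defaultdict(int)
    mx_names = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["qtype"].upper() != "MX":
            continue  # unparseable line or not an MX lookup
        ip = m["ip"]
        mx_count[ip] += 1
        mx_names[ip].add(m["name"].lower().rstrip("."))
    hits = [
        (ip, mx_count[ip], len(names))
        for ip, names in mx_names.items()
        if len(names) >= min_domains and ip not in known_mtas
    ]
    # Widest spread of destination domains first, then by address.
    return sorted(hits, key=lambda h: (-h[2], h[0]))

if __name__ == "__main__":
    for ip, total, names in mx_heavy_clients(SAMPLE_LOG, known_mtas={"192.0.2.25"}):
        print(f"{ip}: {total} MX queries for {names} distinct names")
```

Only MX lookups are counted, so a client that goes straight to A and AAAA queries will not appear in this list.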
