[Esd-l] smashing unknowns

Simon Matthews simon at paxonet.com
Tue Jul 30 10:00:01 PDT 2002


Scott,

I don't think this is a case of poorly configured MTAs, rather it is simply 
that their IP address does not resolve to a name (no PTR record for the IP 
address). This can only be fixed by the owner of the IP address range.

Like many other companies, we run our own mail server -- we don't relay via 
our ISP. Unfortunately, neither of our IP address ranges has working 
reverse lookups, so most people will see "unknown" in the headers of emails 
that we send.

Simon


At 08:08 AM 7/30/02 -0700, Scott Taylor wrote:
>This line is from a header in that last message I sent:
>Received: from yangc-s9smikhab (unknown [219.68.65.176])
>
>Yesterday I put in a filter for ^Received: .*(unknown*)
>to catch a lot of spam, and it worked great, but in about 4 hours I was 
>getting calls from people (with poorly set up mail servers?) that were 
>sending headers like this.
>
>Here is the header, is that from the mail server or the client?
>
><snippet>
>  From bwreid at vernon.com  Mon Jul 29 14:47:23 2002
> >From rolly  Mon Jul 29 14:47:23 2002
>Return-Path: <bwreid at vernon.com>
>Delivered-To: xxxxx at xxxxxxxxxx.com
>Received: from liam.uiscan.com (liam.uiscan.com [204.239.220.3])
>         by xxxxxxxxx.com (Postfix) with SMTP id AE6CB85642
>         for <xxxxx at xxxxxxxxxxx.com>; Mon, 29 Jul 2002 14:47:22 -0700 (PDT)
>Received: (qmail 21606 invoked from network); 29 Jul 2002 21:48:08 -0000
>Received: from unknown (HELO BWREID) (24.77.128.254)
>   by liam.uiscan.com with SMTP; 29 Jul 2002 21:48:08 -0000
>Message-ID: <006d01c23748$4ba54310$9009a8c0 at BWREID>
></snippet>
>
>Here is the DNS server for that unknown, figures:
>128.77.24.in-addr.arpa. 1800    IN      SOA     ns2ht.ok.shawcable.net. 
>dnsadmin.shaw.ca.
>
>So, what I would like to do is catch these errors, and put them into a 
>file like the sanitizer does with the quarantines, so if someone is 
>missing an important email from a poorly set up ISP, it can be easily 
>retrieved.
>
>Any suggestions?
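
Added example, not part of the original thread or of the sanitizer: a Python sketch that reads only the topmost Received header (the one written by the receiving server itself) to decide whether the connecting client lacked reverse DNS, and files such mail to quarantine instead of dropping it. The sample messages are constructed from the headers quoted above; mx.example.com, the addresses, the function names and the "quarantine"/"deliver" labels are assumptions, and it assumes the check runs on the server that accepted the message.

```python
import re
from email import message_from_string

# Postfix writes "from HELO (rdns [ip])"; rdns is the literal "unknown" without a PTR.
POSTFIX_FROM = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)")

# Constructed from the headers quoted in the thread; mx.example.com and the
# addresses are placeholders for the redacted recipient side.
SAMPLE_RELAYED = """\
Return-Path: <sender@example.org>
Received: from liam.uiscan.com (liam.uiscan.com [204.239.220.3])
    by mx.example.com (Postfix) with SMTP id AE6CB85642
    for <user@example.com>; Mon, 29 Jul 2002 14:47:22 -0700 (PDT)
Received: (qmail 21606 invoked from network); 29 Jul 2002 21:48:08 -0000
Received: from unknown (HELO BWREID) (24.77.128.254)
    by liam.uiscan.com with SMTP; 29 Jul 2002 21:48:08 -0000

body
"""
SAMPLE_DIRECT = """\
Received: from yangc-s9smikhab (unknown [219.68.65.176])
    by mx.example.com (Postfix) with SMTP id CONSTRUCTED

body
"""

def received_headers(raw):
    """Received values, newest first, with folded lines unfolded."""
    msg = message_from_string(raw)
    return [" ".join(h.split()) for h in msg.get_all("Received") or []]

def boundary_hop(raw):
    """(helo, rdns, ip) recorded by our own MTA, i.e. the topmost header."""
    hops = received_headers(raw)
    m = POSTFIX_FROM.search(hops[0]) if hops else None
    return m.groups() if m else None

def route_any_hop(raw):
    # Approximates the thread's filter: "unknown" in any Received line.
    hit = any(re.search(r"\bunknown\b", h) for h in received_headers(raw))
    return "quarantine" if hit else "deliver"

def route_boundary_only(raw):
    # Only the client that connected to us counts; file, do not drop.
    hop = boundary_hop(raw)
    return "quarantine" if hop and hop[1] == "unknown" else "deliver"

if __name__ == "__main__":
    for name, raw in (("relayed", SAMPLE_RELAYED), ("direct", SAMPLE_DIRECT)):
        print(name, boundary_hop(raw), route_any_hop(raw), route_boundary_only(raw))
```

In the relayed sample the "unknown" was recorded by liam.uiscan.com about its own client, so the any-hop match quarantines it while the boundary-only check delivers it.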


