lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040303225832.GB7256@josefina.dcit.cz>
From: martin.macok at underground.cz (Martin Mačok)
Subject: SMTP rejecting wrong HELO/EHLO domains will save the world (was: Backdoor in passworded ZIP not recognized by Kaspersky)

On Wed, Mar 03, 2004 at 11:36:09PM +0530, Aditya, ALD [Aditya Lalit Deshmukh] wrote:

> how about the smtp server simply rejecting mail from spoofed hosts
> ? as all the viruses generate spoofed hosts and it is very easy for
> any smtp server to do a dns lookup on the sending server, if the
> hostname / ip address do not match reject the message.

I guess you are talking about comparing HELO/EHLO domain with
reverse/forward DNS record for the IP of the host. (?)

Yes, this would definitely stop almost all SPAM/viruses instantly when
"turned on". It just have two little problems - it would also
definitely stop almost all email messages - and - there would be also
no problem for SPAM/viruses to use real domain in EHLO verb tommorow.

Martin Ma?ok


Powered by blists - more mailing lists