[juneau-lug] Re: ORDB.org is shutting down

  • From: James Zuelow <e5z8652@xxxxxxxxxx>
  • To: juneau-lug@xxxxxxxxxxxxx
  • Date: Fri, 22 Dec 2006 17:53:19 -0900

On Friday 22 December 2006 16:22, Eric M. Niewoehner wrote:
>  I am not certain as to
> what ORDB was doing, but I picked up from the thread that you were
> investigating ways to secure e-mail traffic. 

ORDB was the Open Relay Data Base - just a DNS server that responded with an A 
record if an IP address was in its database.  A server got put into the 
database by failing a relay test.  Essentially, the ORDB folks attempted to 
send themselves an e-mail from themselves, through the target server.  If it 
worked, that server was an open relay and would happily send spam for anyone.  
Back in the day (before zombie armies) open relays were the primary method 
for spammers to disguise their identity and distribute mail.

> I have been researching the 
> topic this past four months, setting up my own e-mail server and slowly
> acquainting myself with SMTP and beyond.  I would like to invite interested
> members of the LUG to keep up the dialog on authenticating e-mail. 
> Specifically:
>   * Anyone develop scripts for analyzing e-mail server logs 
>   * Anyone develop scripts for resolving IP and DNS entries 
>   * Anyone have data on what techniques were tried and what results were
> observed 
> To be quite frank, cybersystic dialog is not exactly the most effective
> communication process for me.  If we could find interested folks in Juneau,
> we should consider setting up an e-mail administrators group, meet over some
> serious java, and tackle this problem.

That would be interesting.  SMTP authentication is fairly easy to set up 'out 
of the box' on the server side.  (The Debian postfix package depends on sasl 
and openssl and tls is enabled by default.  You just need to build your 
certificates).

Most modern MTAs have a variety of anti-spam tools built in.  For example 
Postfix can reject mail that comes from IP addresses with no PTR record just 
by turning on "reject_unknown_client".

Sometimes MTAs use a very slightly different methodology to do the same 
thing - Sendmail's "greetpause" and Postfix's "reject unauth pipeline" both 
reject pipelined SMTP commands.  IMHO Postfix's method is more elegant, but 
Kevin might disagree.

There are a huge number of 3rd party utilities to monitor log files or take 
action.  You probably want to take a peek at MailScanner 
(http://www.mailscanner.info) since it does all of the things you've listed 
above.  Kevin knows a lot of the ins and outs of using it in production.  I 
just ssh in and break it from time to time.  :)
------------------------------------
The Juneau Linux Users Group -- http://www.juneau-lug.org
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the 
word unsubscribe in the subject header.
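The ORDB-style lookup described in the post (reverse the address octets, append the list's zone, and see whether an A record comes back), as an added example that is not part of the original message. The zone name, the DNS answers and the fake resolver are constructed stand-ins, since ORDB no longer answers; the RFC 5782 self-test is included because a shut-down list is exactly the failure mode a mail admin needs to detect before letting a DNSBL drive rejects.

```python
import ipaddress
import socket
from typing import Callable, Optional

# Placeholder zone for illustration; ORDB's own zone no longer answers queries.
EXAMPLE_ZONE = "dnsbl.example.invalid"
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")
Resolver = Callable[[str], Optional[str]]

def dnsbl_query_name(ip: str, zone: str) -> str:
    """192.0.2.10 in <zone> -> 10.2.0.192.<zone>: octets reversed, zone appended.
    IPv4 only, like ORDB-era lists; IPv4Address() rejects anything else."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def resolve_a(name: str) -> Optional[str]:
    """Live resolver: the A record for name, or None on NXDOMAIN/failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def dnsbl_lookup(ip: str, zone: str, resolve: Resolver = resolve_a) -> Optional[int]:
    """Listing code (last octet of a 127.0.0.x answer) if ip is listed, else None.
    Answers outside 127.0.0.0/8 are ignored: a dead list whose domain has been
    parked on a wildcard would otherwise appear to list every address."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return None
    addr = ipaddress.IPv4Address(answer)
    return int(str(addr).split(".")[-1]) if addr in LISTED_NET else None

def dnsbl_is_sane(zone: str, resolve: Resolver = resolve_a) -> bool:
    """RFC 5782 self-test: 127.0.0.2 must be listed and 127.0.0.1 must not be.
    A zone that fails this is shut down or broken and must not drive rejects."""
    return (dnsbl_lookup("127.0.0.2", zone, resolve) is not None
            and dnsbl_lookup("127.0.0.1", zone, resolve) is None)

# Constructed answers standing in for a live DNS server so the example runs offline.
CONSTRUCTED_ANSWERS = {
    "10.2.0.192.dnsbl.example.invalid": "127.0.0.2",    # listed as an open relay
    "1.2.0.192.dnsbl.example.invalid": "198.51.100.7",  # parked-wildcard style answer
    "2.0.0.127.dnsbl.example.invalid": "127.0.0.2",     # RFC 5782 positive test entry
}

def fake_resolve(name: str) -> Optional[str]:
    """Offline stand-in for resolve_a, backed by the constructed table above."""
    return CONSTRUCTED_ANSWERS.get(name)
```

Pass `resolve_a` (the default) instead of `fake_resolve` to query a real list; run `dnsbl_is_sane` against any zone first and drop it from your reject rules if the check fails.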