perl.qpsmtpd | Postings from June 2005

Re: user validation (was Re: NOT reject authenticated users?)

From: Bob
Date: June 30, 2005 22:37
Subject: Re: user validation (was Re: NOT reject authenticated users?)
Message ID: 42C4D946.2070601@nishanet.com
David Nicol wrote:
> On 6/30/05, Elliot F <elliotf-qpsmtpd@gratuitous.net> wrote:
>
>> One could also use ldapdns, ldap2dns, mydns, etc...  There are more mature
>> implementations of the idea.  Anyway, it was another idea, on topic while John
>> was talking about methods of validating user addresses.
>
> SPF is a very flexible protocol for validating user addresses through DNS.
> SPF macro language makes it possible to construct a name containing any
> information that is available at MAIL FROM time.
>
> I hope that is not news to anyone reading this.
And one can certainly enforce spf against spoofers
of oneself. They tend to be sending viruses/trojans
which is why they risk getting caught on spf, because
their whole scam is based on social engineering of the
form of "claim to authority". As John pointed out, they
don't even have good spam to train on, only a virus
payload.

# Runs as a qpsmtpd RCPT hook. The sender_permitted_from plugin must run
# first, since it stores its Mail::SPF::Query object in the 'spfquery'
# transaction note.
use Qpsmtpd::Constants;

sub hook_rcpt {
    my ( $self, $transaction, $recipient ) = @_;

    my $spf_query = $transaction->notes('spfquery');
    # result2() takes the recipient address and returns
    # (result, smtp_comment, header_comment, spf_record); keep the result only.
    my $spf = $spf_query ? ( $spf_query->result2( $recipient->address ) )[0] : undef;

    if ( $spf and $spf eq 'fail' ) {
        # Every domain this server accepts mail for: 'me', 'rcpthosts' and the
        # keys of the 'morercpthosts' map (indexing the map by the HELO name
        # would return 1/undef instead of a host name).
        my $more_rcpt_hosts = $self->qp->config( 'morercpthosts', 'map' ) || {};
        my $helo      = lc $self->qp->connection->hello_host;
        my $from_host = lc( $transaction->sender->host || '' );   # '' for the null sender <>
        my @our_hosts = uniq( $self->qp->config('me'),
                              $self->qp->config('rcpthosts'),
                              keys %$more_rcpt_hosts );

        my $spoofus = 0;
        for my $host (@our_hosts) {
            $host =~ s/^\s+//;     # config lines may carry leading blanks
            $host =~ s/\s.*$//;    # ... and trailing comments
            next unless length $host;
            # Match the domain itself or a subdomain of it, never a bare suffix
            # (so "notexample.com" does not trip on "example.com").
            my $re = qr/(?:^|\.)\Q$host\E$/i;
            if ( $helo =~ $re or $from_host =~ $re ) {
                $spoofus = 1;
                last;
            }
        }

        if ($spoofus) {
            $self->log( LOGDEBUG, "SPooF claim-to-authority social-engineering attack" );
            return (DENYHARD);
        }
    }
    return (DECLINED);
}

# Return each argument once, dropping undefined and empty entries.
sub uniq { my %u; grep { defined $_ and length $_ and ++$u{$_} == 1 } @_ }

-Bob Dodds
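As an added illustration (not Bob's code and not part of qpsmtpd), the same decision reduced to a pure function with constructed HELO/MAIL FROM cases, so the domain-boundary handling and the null-sender case can be checked without a running server. `classify_sender` and its argument names are hypothetical; the `authenticated` short-circuit follows the thread's subject that authenticated users should not be rejected.

```perl
#!/usr/bin/perl
# Added example, not from the original post: the "SPF fail + claims to be one
# of our domains" check as a standalone function. Names are hypothetical.
use strict;
use warnings;

# Returns 'spoof' (hard reject), 'fail' (SPF failed but no self-spoof) or
# 'pass-through' (SPF did not fail, or the peer authenticated).
sub classify_sender {
    my (%a) = @_;
    return 'pass-through' if $a{authenticated};
    return 'pass-through' unless defined $a{spf} and $a{spf} eq 'fail';

    my $helo      = lc( $a{helo}      || '' );
    my $from_host = lc( $a{from_host} || '' );   # empty for the null sender <>

    for my $domain ( map { lc $_ } @{ $a{our_domains} } ) {
        next unless length $domain;
        # exact domain or a subdomain of it; an unrelated name that merely
        # ends in the same characters ("notexample.com") must not match
        my $re = qr/(?:^|\.)\Q$domain\E\z/;
        return 'spoof' if $helo =~ $re or $from_host =~ $re;
    }
    return 'fail';
}

# Constructed test cases (domains and hosts are made up)
my @our = qw(example.com mail.example.net);
my @cases = (
    [ { spf => 'fail', helo => 'mx.example.com',   from_host => 'attacker.invalid', our_domains => \@our }, 'spoof' ],
    [ { spf => 'fail', helo => 'attacker.invalid', from_host => 'EXAMPLE.COM',      our_domains => \@our }, 'spoof' ],
    [ { spf => 'fail', helo => 'notexample.com',   from_host => 'other.invalid',    our_domains => \@our }, 'fail'  ],
    [ { spf => 'fail', helo => 'attacker.invalid', from_host => undef,              our_domains => \@our }, 'fail'  ],
    [ { spf => 'pass', helo => 'mx.example.com',   from_host => 'example.com',      our_domains => \@our }, 'pass-through' ],
    [ { spf => 'fail', helo => 'laptop.example.com', from_host => 'example.com', authenticated => 1,
        our_domains => \@our }, 'pass-through' ],
);

for my $c (@cases) {
    my ( $in, $want ) = @$c;
    my $got = classify_sender(%$in);
    printf "%-20s %-18s spf=%-4s -> %-12s %s\n",
        $in->{helo}, $in->{from_host} // '<>', $in->{spf}, $got,
        $got eq $want ? 'ok' : "FAIL (want $want)";
}
```

The anchored `(?:^|\.)` is the part worth keeping from this exercise: a plain suffix match rejects unrelated domains that happen to end in ours, and the null sender must be tolerated because bounces legitimately arrive with an empty MAIL FROM.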


