[Full-Disclosure] SMTP rejecting wrong HELO/EHLO domains will save the world (was: Backdoor in passworded ZIP not recognized by Kaspersky)
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: [Full-Disclosure] SMTP rejecting wrong HELO/EHLO domains will save the world (was: Backdoor in passworded ZIP not recognized by Kaspersky)
- From: Martin Mačok <martin.macok@xxxxxxxxxxxxxx>
- Date: Wed, 3 Mar 2004 23:58:32 +0100
On Wed, Mar 03, 2004 at 11:36:09PM +0530, Aditya, ALD [Aditya Lalit Deshmukh]
wrote:
> how about the smtp server simply rejecting mail from spoofed hosts
> ? as all the viruses generate spoofed hosts and it is very easy for
> any smtp server to do a dns lookup on the sending server, if the
> hostname / ip address do not match reject the message.
I guess you are talking about comparing HELO/EHLO domain with
reverse/forward DNS record for the IP of the host. (?)

Yes, this would definitely stop almost all SPAM/viruses instantly when
"turned on". It just has two little problems - it would also
definitely stop almost all email messages - and - there would be also
no problem for SPAM/viruses to use real domain in EHLO verb tomorrow.
Martin Mačok
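
The check discussed in this thread, written out as an added example (not part of the original message): the HELO/EHLO name is compared with the forward-confirmed reverse DNS of the connecting IP. The DNS tables and sessions are constructed sample data using documentation address ranges and example domains; the function and variable names are hypothetical.

```python
# Constructed sample data: documentation IP ranges and example domains only.
PTR = {
    "192.0.2.10": ["mail.example.org"],            # MTA with matching DNS
    "198.51.100.25": ["host25.isp.example.net"],   # real MTA, ISP-assigned PTR
    "203.0.113.77": ["dsl-77.pool.example.net"],   # infected home PC
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "host25.isp.example.net": ["198.51.100.25"],
    "mx.corp.example": ["198.51.100.25"],
    "dsl-77.pool.example.net": ["203.0.113.77"],
}

def norm(name):
    """DNS names compare case-insensitively, ignoring a trailing dot."""
    return name.rstrip(".").lower()

def helo_check(ip, helo, ptr=PTR, a=A):
    """Compare the HELO/EHLO name with forward-confirmed reverse DNS of ip."""
    names = [norm(n) for n in ptr.get(ip, [])]
    if not names:
        return "reject", "no PTR record"
    # Keep only PTR names whose A record points back at the client IP.
    confirmed = [n for n in names if ip in a.get(n, [])]
    if not confirmed:
        return "reject", "PTR not forward-confirmed"
    if norm(helo) not in confirmed:
        return "reject", "HELO does not match reverse DNS"
    return "accept", "HELO matches reverse DNS"

# (client IP, HELO name, what the client really is) -- all constructed
SESSIONS = [
    ("192.0.2.10", "mail.example.org", "legitimate MTA"),
    ("198.51.100.25", "mx.corp.example", "legitimate MTA"),
    ("203.0.113.77", "mail.example.org", "worm, forged HELO"),
    ("203.0.113.77", "dsl-77.pool.example.net", "worm, own hostname"),
]

def run(sessions=SESSIONS):
    """Return (kind, helo, verdict, reason) for every sample session."""
    return [(kind, helo, *helo_check(ip, helo)) for ip, helo, kind in sessions]

if __name__ == "__main__":
    for kind, helo, verdict, reason in run():
        print(f"{verdict:6} {kind:20} HELO {helo:26} {reason}")
```

The second and fourth sessions are the two problems named in the reply: a legitimate server whose HELO name differs from its ISP-assigned PTR is rejected, while an infected host that announces its own reverse-DNS name is accepted.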