[PLUG] DNS resolution for blacklisting...

Joshua Hoblitt jhoblitt at ifa.hawaii.edu
Tue May 27 20:53:57 UTC 2008


You probably want to follow the behavior of SMTP as defined in RFC 2821.  I
quote:

    5. Address Resolution and Mail Handling

       Once an SMTP client lexically identifies a domain to which mail will
       be delivered for processing (as described in sections 3.6 and 3.7), a
       DNS lookup MUST be performed to resolve the domain name [22].  The
       names are expected to be fully-qualified domain names (FQDNs):
       mechanisms for inferring FQDNs from partial names or local aliases
       are outside of this specification and, due to a history of problems,
       are generally discouraged.  The lookup first attempts to locate an MX
       record associated with the name.  If a CNAME record is found instead,
       the resulting name is processed as if it were the initial name.  If
       no MX records are found, but an A RR is found, the A RR is treated as
       if it was associated with an implicit MX RR, with a preference of 0,
       pointing to that host.  If one or more MX RRs are found for a given
       name, SMTP systems MUST NOT utilize any A RRs associated with that
       name unless they are located using the MX RRs; the "implicit MX" rule
       above applies only if there are no MX records present.  If MX records
       are present, but none of them are usable, this situation MUST be
       reported as an error.

ftp://ftp.rfc-editor.org/in-notes/rfc2821.txt

On Tue, May 27, 2008 at 03:08:18PM -0700, someone wrote:
> I'm working on a perl script that checks to see if the rcpt from and  
> the mail from are resolvable.  If neither of these resolves, the rcpt  
> from IP should be blacklisted.  Well, I've run into some questions  
> about what resolved should mean.
> 
> [michael at eagle block_smtp]$ host aeincgr.com
> aeincgr.com mail is handled by 15 mail2.aeincgr.com.
> aeincgr.com mail is handled by 5 mail.aeincgr.com.
> 
> Look at the latter example here.  There is no A record.  Should I  
> consider aeincgr.com resolved?
> 
> The following is my dns query script in my perl script I'm working on.  Notice
> that only hostnames which produce an A record are considered resolved.
> 
> ###### dnsquery
> #  
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> sub dnsquery
> { # Return 0 if $teststr resolves or has resolved before.
>    # Return 1 if $teststr doesn't resolve or it hasn't resolved before.
>    # $teststr passed in.
> 
>      if ( $PRINT_FUNCTION )
>      {
>           print FUNCTRACE "dnsquery...\n\n";
>      }
> 
>      # Make sure $teststr hasn't resolved already before checking it.
>      if ( exists $dnsres{$teststr} )
>      {
>           $dnsres{$teststr}++;
> 
>           return 0;
>      }
> 
>      # Make sure $teststr hasn't failed to resolve already before checking it.
>      if ( exists $dnsdnres{$teststr} )
>      {
>           $dnsdnres{$teststr}++;
> 
>           return 1;
>      }
> 
>      use Net::DNS;
> 
>      my $res = Net::DNS::Resolver->new;
> 
>      my $query = $res->search($teststr);
> 
>      if ($query)
>      {
>          # Add to the dns resolved hash table.
>          $dnsres{$teststr} = 1;
> 
>          foreach my $rr ($query->answer)
>          {
>             next unless $rr->type eq "A";
>             print $teststr, ": ", $rr->address, "\n";
>          }
> 
>          return 0;
>      }
>      else
>      {
>           # Add to the dns does not resolve hash table.
>           $dnsdnres{$teststr} = 1;
> 
>           print $teststr, " does not resolve.", "\n";
> 
>           return 1;
>      }
> 
> } # End of dnsquery.
> #  
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> 
> Should I check to see if MX records are returned instead of A records???  What
> changes do I need to make to this function to do that???
> 
>       Michael C. Robinson
> 

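The RFC 2821 section 5 lookup order quoted in this reply, sketched in Perl as an added example (not code from either poster). `mail_targets` and the `zone_lookup` callback are hypothetical names, and the zone data is constructed so the script runs offline; the `mx-only.example` entry mirrors the MX-without-A situation in the question.

```perl
use strict;
use warnings;

# Constructed sample records (not real DNS data): name => { type => [values] }.
my %ZONE = (
    'mx-only.example'      => { MX => [ [ 5, 'mail.mx-only.example' ] ] },
    'mail.mx-only.example' => { A => ['192.0.2.10'] },
    'a-only.example'       => { A => ['192.0.2.20'] },
    'alias.example'        => { CNAME => ['mx-only.example'] },
    'dead-mx.example'      => { MX => [ [ 10, 'gone.dead-mx.example' ] ],
                                A  => ['192.0.2.30'] },
);

# Hypothetical lookup callback: list of values for ($name, $type), empty if none.
# Assumption: a Net::DNS version would wrap $res->query($name, $type) here.
sub zone_lookup {
    my ($name, $type) = @_;
    my $rec = $ZONE{ lc $name } or return;
    return @{ $rec->{$type} || [] };
}

# Returns (status, @hosts); status is 'ok', 'unresolved' or 'error'.
sub mail_targets {
    my ($name, $lookup) = @_;
    my $has_a = sub { my @a = $lookup->($_[0], 'A'); return scalar @a };

    # A CNAME target is processed as if it were the initial name.
    my $hops = 0;
    while ( my ($target) = $lookup->($name, 'CNAME') ) {
        return ('error') if ++$hops > 8;    # hop limit guards against loops
        $name = $target;
    }

    my @mx = sort { $a->[0] <=> $b->[0] } $lookup->($name, 'MX');
    if (@mx) {
        # MX present: A records count only when reached through an MX host.
        my @usable = grep { $has_a->($_) } map { $_->[1] } @mx;
        return @usable ? ('ok', @usable) : ('error');
    }

    # No MX: the name's own A record acts as an implicit MX, preference 0.
    return $has_a->($name) ? ('ok', $name) : ('unresolved');
}

for my $d (qw(mx-only.example a-only.example alias.example dead-mx.example none.example)) {
    my ($status, @hosts) = mail_targets($d, \&zone_lookup);
    printf "%-18s %-10s %s\n", $d, $status, join(',', @hosts);
}
```

For a blacklisting decision, the 'error' status (MX records present but none usable) is distinct from 'unresolved' and can be logged separately.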

