Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » How to reject connections to my mailserver from IP without reverse DNS entry?
  •  
maa1

Messages: 144
Karma: -27
Send a private message to this user
How to reject connections to my mailserver from IP without reverse DNS entry? (KMS 6.4.1)
  •  
linuxbox

Messages: 139
Karma: 0
Send a private message to this user
exactly..this needs to be addressed..it's ridiculous to have a mailserver that doesn't block IP's that don't reverse resolve..geez.
  •  
sgongola

Messages: 109
Karma: 0
Send a private message to this user
Please explain what the problem is or what you want to do. From what I've seen, any ip address assigned by an ISP will have a reverse DNS entry set up by the isp whether for dsl/cable or dialup. In most cases, the reverse dns will not resolve to the original domain but to a different isp assigned name.

What you can do is verify that the senders domain exists in SMTP server security options and/or refuse connections from addresses assigned to dialup zones (DUL) using the blacklists.
  •  
linuxbox

Messages: 139
Karma: 0
Send a private message to this user
sgongola wrote on Mon, 11 May 2009 12:32

Please explain what the problem is or what you want to do. From what I've seen, any ip address assigned by an ISP will have a reverse DNS entry set up by the isp whether for dsl/cable or dialup. In most cases, the reverse dns will not resolve to the original domain but to a different isp assigned name.

What you can do is verify that the senders domain exists in SMTP server security options and/or refuse connections from addresses assigned to dialup zones (DUL) using the blacklists.



Ok, actually it's very simple. i'm not actually trying to really do anything. What i'm saying is that any valid smtp server on the internet should have it's IP address resolve to a name. like if my ip were 99.99.99.99 it should resolve to a name like -> my.name.com

what i'm simply saying is that the kerio mailserver should have an option to REJECT any connection that does NOT resolve to a domain name. NO, not all ISP's have reverse resolution for all of their ip addresses....especialy foreign IP addresses (IP's not in the U.S.A) many asia pacific, RIPE, African ip's do not reverse resolve. i see this daily. what you are talking about with dying the senders domain....that is not good. that isn't reverse resolution. that's simply saying like if i send some spam out and i use something in the 'From:' field like, spammer<_a.t_>myspamdomain.com, the option you are suggestion simply looks to see if the domain actually resolves to an ip address.

that's not the same as the smtp server first checking to see if the ip address properly resolves to a name; which it SHOULD be doing as most servers do this by default.
Previous Topic: Mulptiple File Attachments
Next Topic: iphone activesync from email
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Sep 20 04:01:29 CEST 2017

Total time taken to generate the page: 0.00456 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.