OpenBSD Journal

Similar to spamd?

Contributed by jose on from the spamland-security dept.

Wally Bedford writes: "Not so much an OpenBSD idea, but drawn from the usual frustrations with spam. How about using the spews list to redirect to a 'false' dns server?

If the network allows, you could nest another dns server behind your real one. This server would have all of your 'real' zones replicated, but only be serving queries that come from the blacklist (as redirected by your real dns server).

Now, set up some mx records for the zones on the false machine to point to 127.0.0.1, 192.168.1.1, 10.0.0.1, etc.

I'm not sure if this would be as disruptive as spamd would be, but it would have messages ricocheting around the inside for a while!" This idea is sort of interesting. Anyone work with something like this to potentially propagate invalid information back to spammers (i.e. false MX records)?



Comments
  1. By Angry Rodent () on

    You could also probably use views in BIND 9 or similar DNS servers. That way, you wouldn't even have to run multiple DNS servers. It might require a hard reset of BIND each time you change the ACL/List however, as they are configured in named.conf not zone files.

  2. By BSE () on

    Spammers use recursive queries, just deny them in your public named instance.

  3. By Passerby () on

    $ cat /usr/ports/net/dnsreflector/pkg/DESCR
    dnsreflector is a daemon that listens for DNS queries on a
    local UDP port and answers with records pointing back to
    localhost.
    Combined with pf(4) this works as a bandwidth efficient spamtrap.

    WWW: ${HOMEPAGE}

  4. By Brent Graveland () brent@graveland.net on http://graveland.net/

    The only way this would work is if the spammer has his own DNS server. If they use the ISP's name server, then the DNS queries will originate from the wrong IP.

    I guess since spews tends to block whole ISPs who are spam friendly, it may work.

    Still, with the distributed and caching nature of DNS, I wouldn't want bad DNS data out there.

    Besides, I like spamd :) In the last 2 days, I've wasted 59 hours of spammer MTA time on my 2 MX hosts.
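
The single-server views setup from comment 1, together with the source-address caveat from comment 4, as an added example that is not part of the original thread. The zone name, the `trap/` and `real/` file paths, the `blacklisted` ACL name and the sample networks are assumptions.

```python
import ipaddress

# Constructed sample data: documentation-range networks standing in for a
# blacklist export (the page gives no concrete addresses).
BLACKLIST = ["192.0.2.0/24", "198.51.100.0/25"]

def render_named_conf(blacklist, zone="example.org"):
    """Build a named.conf fragment: one ACL plus a trap view and a real view.

    The zone name and the trap/ and real/ file paths are hypothetical.
    """
    # ip_network() raises ValueError on malformed entries or set host bits,
    # so a bad list line is caught before it reaches named.conf.
    nets = [ipaddress.ip_network(n) for n in blacklist]
    acl = "".join(f"    {n};\n" for n in nets)
    return (
        f"acl blacklisted {{\n{acl}}};\n\n"
        # Order matters: named uses the first view whose match-clients matches.
        'view "trap" {\n'
        "    match-clients { blacklisted; };\n"
        "    recursion no;\n"
        f'    zone "{zone}" {{ type master; file "trap/{zone}"; }};\n'
        "};\n\n"
        'view "real" {\n'
        "    match-clients { any; };\n"
        "    recursion no;\n"
        f'    zone "{zone}" {{ type master; file "real/{zone}"; }};\n'
        "};\n"
    )

def select_view(source_ip, blacklist):
    """Return the view named would pick for a query from source_ip."""
    addr = ipaddress.ip_address(source_ip)
    nets = (ipaddress.ip_network(n) for n in blacklist)
    return "trap" if any(addr in n for n in nets) else "real"

def view_for_sender(mta_ip, resolver_ip, blacklist):
    """View a sending MTA ends up with. mta_ip is deliberately unused: the
    authoritative server only sees the resolver that asks on its behalf."""
    return select_view(resolver_ip, blacklist)

if __name__ == "__main__":
    print(render_named_conf(BLACKLIST))
    # Sender on a listed network running its own resolver: trap view.
    print(view_for_sender("192.0.2.25", "192.0.2.53", BLACKLIST))
    # Same sender asking through an unlisted resolver: real view.
    print(view_for_sender("192.0.2.25", "203.0.113.53", BLACKLIST))
```

In the trap zone file, the MX record has to name a host whose A record carries the loopback or private address, because an MX target is a hostname and not an IP address.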

  5. By NYB () spam@localhost on http://spews.org/faq.html

    All this spamd code assumes unquestioningly that spews is reliable and not harmful. It also assumes spammers don't know yet how to circumvent IP/netblock-based blacklists, which is even more questionable.

    Comments
    1. By Can Erkin Acar () on http://www.benzedrine.cx/relaydb.html

      You don't have to use spews with spamd, just use your imagination.

      Daniel did: http://www.benzedrine.cx/relaydb.html :)

  6. By Anonymous Coward () on

    This is kind of "off topic", but is there a way to use dns based spam blocking "lists" like ordb.org with spamd?? I would much rather let spamd play with the spammers than having postfix "nicely" rejecting the spammers.... ???

  7. By thehoodbuddy () on

    This is quite easy to do with tinydns and you don't have to deal with reloads.
