> But sometimes, mail servers (are checking if the sender domain name = IP
> ? to prevent spam ?
> May be I'm wrong, not an expert ;)

Some servers can check for a valid rDNS/FCrDNS [1]. The reverse of the IP sending the mail must be equal to the HELO/EHLO domain used. For example the nazi and very bad DNSBL V4BL [2] does this check and rejects all mail that doesn't pass. This check is also a clue for SpamAssassin [3] for spam scoring, but it doesn't reject the mail on this fact alone.

This is a best practice from RFC 1912 [4] but is highly problematic for self-hosting/tiny mail providers because it's not common at all to be able to manage IPv4 reverse (and worse, IPv6 reverse):

- Reverse IPs require the cooperation of your ISP/IP provider because the affected in-addr.arpa zone is on their authoritative server and not yours. Only a few allow reverse IP for their customers.
- It's not compatible with multiple domains behind a single IP with standard tools (EHLO/HELO is generally not dynamic but static in the SMTP config).
- It requires a single SMTP outgoing gateway for all your outgoing mail servers, to avoid reverse DNS on all your IPs and in particular on your shared hosting server.

Only huge enough email providers like Google or Microsoft are able to ensure clean rDNS/FCrDNS in practice…

> I see on mine bad guyz trying to send mails from a domain name not equal
> to the IP from it's sent... is it "reading" the header informations to
> make it possible ?

Spammers generally use an EHLO with the targeted domain or a common outgoing domain (gmail, yahoo, microsoft…) to try to confuse anti-spam or badly configured incoming mail servers (corporate email servers generally whitelist their own domain…).

And remember the SMTP *content* can be totally different from SMTP *metadata*. You can announce an EHLO domain "foo" but send an email from and to the "bar" domain. This can be a spoofed email but also a totally valid email.
An email sent from a "foo" server with a "foo" To address but a "bar" From and BCC address will generate the following SMTP exchange on the BCC server:

    EHLO mx.foo
    MAIL FROM:<sender@bar>
    RCPT TO:<bcc@bar>
    DATA
    From: sender@bar
    To: to@foo
    Subject: a BCC email

    This is the body
    .

You can imagine weirder SMTP exchanges with 5 different domains on the EHLO, MAIL FROM, RCPT TO, From and To (mailing lists change EHLO, address rewriting changes MAIL FROM, forwarding changes RCPT TO, BCC decorrelates metadata from content…)…

Paradise for spammers, hell for spam fighters…

[1] https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS
[2] https://gcm.v4bl.org/
[3] https://wiki.apache.org/spamassassin/Rules/RDNS_NONE
[4] https://tools.ietf.org/html/rfc1912#section-2.1

Regards,
-- 
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
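The two mechanisms the post describes, the rDNS/FCrDNS check that receivers like V4BL or SpamAssassin apply to the connecting IP and its EHLO name, and the way the SMTP envelope (EHLO, MAIL FROM, RCPT TO) can name different domains than the message headers (From, To), are shown below in an added Python example. It is not code from the original post or from any of the tools cited; the DNS records, host names, addresses and the SMTP transcript are constructed (documentation IP space and `.example` names) so that it runs offline, and the function names are mine.

```python
# Added example, not from the original tor-talk post. Shows (1) an offline
# rDNS/FCrDNS classification of a connecting IP and its EHLO name, and
# (2) envelope-vs-header domain comparison over a client-side SMTP transcript.
# All DNS data, hosts and addresses below are constructed for illustration.
import email
from email import policy
from email.utils import parseaddr

# Constructed DNS records (192.0.2.0/24 is documentation space; names are hypothetical).
PTR = {
    "192.0.2.10": ["mx.foo.example"],           # clean reverse that matches the EHLO
    "192.0.2.20": ["customer-20.isp.example"],  # generic ISP-assigned reverse (self-hosting case)
}
A = {
    "mx.foo.example": ["192.0.2.10"],
    "customer-20.isp.example": ["192.0.2.20"],
    "mx.bar.example": ["192.0.2.30"],
}


def fcrdns_check(ip, helo, ptr=PTR, a=A):
    """Classify a connecting IP the way a strict receiver would.

    rdns:       the IP has at least one PTR record.
    fcrdns:     some PTR name resolves forward back to the same IP.
    helo_match: the EHLO/HELO name is one of the PTR names (the RFC 1912 expectation).
    """
    names = [n.lower() for n in ptr.get(ip, [])]
    forward_ok = any(ip in a.get(n, []) for n in names)
    return {"rdns": bool(names), "fcrdns": forward_ok, "helo_match": helo.lower() in names}


def _angle_addr(arg):
    """Pull the address out of 'FROM:<user@host>' or 'TO:<user@host>'."""
    start, end = arg.find("<"), arg.rfind(">")
    return arg[start + 1:end] if 0 <= start < end else arg.split(":", 1)[-1].strip()


def parse_session(client_lines):
    """Split a client-side SMTP transcript into the envelope and the parsed message."""
    env = {"helo": None, "mail_from": None, "rcpt_to": []}
    body, in_data = [], False
    for line in client_lines.splitlines():
        if in_data:
            if line == ".":                      # end-of-data marker
                in_data = False
            else:                                # undo SMTP dot-stuffing
                body.append(line[1:] if line.startswith("..") else line)
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("EHLO", "HELO"):
            env["helo"] = arg.strip()
        elif verb == "MAIL":
            env["mail_from"] = _angle_addr(arg)
        elif verb == "RCPT":
            env["rcpt_to"].append(_angle_addr(arg))
        elif verb == "DATA":
            in_data = True
    msg = email.message_from_string("\n".join(body), policy=policy.default)
    return env, msg


def _domain(addr):
    return addr.rsplit("@", 1)[1].lower() if addr and "@" in addr else None


def domain_summary(env, msg):
    """Domains seen in envelope vs. headers; 'distinct' lists every address domain involved."""
    seen = {
        "helo": env["helo"].lower() if env["helo"] else None,
        "mail_from": _domain(env["mail_from"]),
        "rcpt_to": sorted({_domain(r) for r in env["rcpt_to"]}),
        "from": _domain(parseaddr(str(msg["From"]))[1]),
        "to": _domain(parseaddr(str(msg["To"]))[1]),
    }
    flat = {seen["mail_from"], seen["from"], seen["to"], *seen["rcpt_to"]}
    seen["distinct"] = sorted(d for d in flat if d)
    return seen


# Constructed transcript reproducing the BCC case from the post (client side only).
SESSION = """EHLO mx.foo.example
MAIL FROM:<sender@bar.example>
RCPT TO:<bcc@bar.example>
DATA
From: sender@bar.example
To: to@foo.example
Subject: a BCC email

This is the body
.
QUIT
"""

if __name__ == "__main__":
    print(fcrdns_check("192.0.2.10", "mx.foo.example"))   # clean provider: all True
    print(fcrdns_check("192.0.2.20", "mx.bar.example"))   # self-hoster on ISP IP: helo_match False
    envelope, message = parse_session(SESSION)
    print(domain_summary(envelope, message))              # envelope says bar, header To says foo
```

The second `fcrdns_check` call is the self-hosting situation from the post: the IP does have a forward-confirmed reverse, but it is the ISP's generic name, so a receiver that insists on EHLO == PTR still rejects. The `domain_summary` output shows why scoring on "EHLO domain != sender domain" alone is a weak signal: the BCC message is perfectly legitimate yet its envelope and headers disagree.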