Checking sender MX

Introduction

This check compares the MXs (hostname and IP address) of the domain part of the envelope sender address against a blacklist. You can usually reject a message when the domain part of the sender address can't receive mail (you could not reply to the sender).

Some situations where this feature is useful are:

  • domains whose MXs are defined on private networks
  • domains whose MXs are set to networks which aren't allocated by IANA
  • domains whose MXs are set to computers without an SMTP server running on them

This kind of check doesn't block much spam, but it can relieve the mail queue of bounces to unreachable addresses.

To enable this feature, set the CHECK_BAD_SENDER_MX option in the ze-filter.cf configuration file and define the unwanted MXs in the ze-policy database, using the BadMX prefix.

ze-filter only checks the domain name and the address and hostname of each MX against a database of unwanted names and addresses (the policy database). No SMTP connection is made to verify whether the sender can be reached.

Configuration

The BadMX check is enabled in the ze-filter.cf configuration file:

CHECK_BAD_SENDER_MX              YES

The list of unwanted MXs is defined in the ze-policy database:

#
# Private networks - RFC 1918 and RFC 3330
#
BadMX:10                   ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:127                  ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:169.254              ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:172.16               ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:172.17               ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:172.18               ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:172.19               ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:172.20               ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:172.21               ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:172.22               ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:172.23               ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:172.24               ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:172.25               ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:172.26               ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:172.27               ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:172.28               ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:172.29               ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:172.30               ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:172.31               ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:192.0.2              ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:192.168              ERROR:421:4.5.1:Unwanted or unreacheable MX !
...
#
# Some Bad boys detected at ze-filter author site...
#
# NOTE : Here we are returning error 421/4.5.1.
#        This doesn't conform to the RFCs, as it will close the connection
#        with a temporary error. The correct answer should probably be
#        550/5.7.1. But unless this comes from misconfigured servers,
#        all messages coming from this kind of address are spam.
#
#        So, let's fill up the sender's mail queue (if they manage this...)
#
# Bogus MX
BadMX:dev.null             ERROR:421:4.5.1:Unwanted or unreacheable MX... Try later !
#
# Known spammers
BadMX:saveinternet.net     ERROR:421:4.5.1:Unwanted or unreacheable MX... Try later !
# Bogus MX
BadMX:dev.null             ERROR:421:4.5.1:Unwanted or unreacheable MX... Try later !
...
# Improbable sender domains
BadMX:nomail.yahoo.com          ERROR:421:4.5.1:Unwanted or unreacheable MX... Try later !
BadMX:client.comcast.com        ERROR:421:4.5.1:Unwanted or unreacheable MX... Try later !
BadMX:pooles.rima-tde.net       ERROR:421:4.5.1:Unwanted or unreacheable MX... Try later !
BadMX:client2.attbi.com         ERROR:421:4.5.1:Unwanted or unreacheable MX... Try later !
BadMX:client.mchsi.net          ERROR:421:4.5.1:Unwanted or unreacheable MX... Try later !
BadMX:client.mchsi.com          ERROR:421:4.5.1:Unwanted or unreacheable MX... Try later !
BadMX:client.insightbb.com      ERROR:421:4.5.1:Unwanted or unreacheable MX... Try later !
#
# SEDO Parking 
BadMX:82.98.86                  ERROR:550:571:Domain parking !!!
#
BadMX:blackhole.wanadoo.com     ERROR:550:571:Blackhole MX !
#
# Reserved IANA - http://www.iana.org/assignments/ipv4-address-space
#
BadMX:0        ERROR:421:4.5.1:Sender MX in an unallocated or reserved network !
BadMX:1        ERROR:421:4.5.1:Sender MX in an unallocated or reserved network !
BadMX:2        ERROR:421:4.5.1:Sender MX in an unallocated or reserved network !
BadMX:5        ERROR:421:4.5.1:Sender MX in an unallocated or reserved network !
BadMX:10       ERROR:421:4.5.1:Sender MX in an unallocated or reserved network !
BadMX:14       ERROR:421:4.5.1:Sender MX in an unallocated or reserved network !
BadMX:23       ERROR:421:4.5.1:Sender MX in an unallocated or reserved network !
BadMX:27       ERROR:421:4.5.1:Sender MX in an unallocated or reserved network !

You'll find a starting list of entries in the installed files ze-policy.z-badmx.txt and ze-policy.z-iana.txt. These files contain entries for private networks, unassigned network addresses, and a list of addresses, domains or hostnames used as MXs for spam domains. The list of unassigned or reserved networks and addresses, which you should never see, comes from IANA and RFC 3330. The IANA list is updated from time to time.
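As an added example (not ze-filter's own code), the Python below parses BadMX entries in the layout shown above, evaluates one MX hostname and IP address against them, and reports duplicated keys and 172.16/12 prefixes left without an entry in a hand-maintained list. The matching rules (octet prefixes for addresses, label suffixes for names), the function names and the sample data are assumptions made for the example.

```python
import ipaddress

# Constructed sample in the page's "BadMX:<key>  <action>" layout.
POLICY = """\
# Private networks
BadMX:10              ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:192.168         ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:172.18          ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:172.18          ERROR:421:4.5.1:Unwanted or unreacheable MX !
BadMX:82.98.86        ERROR:550:571:Domain parking !!!
BadMX:dev.null        ERROR:421:4.5.1:Unwanted or unreacheable MX... Try later !
BadMX:client.comcast.com  ERROR:421:4.5.1:Unwanted or unreacheable MX... Try later !
"""

def load_badmx(text):
    """Parse BadMX lines; return ({key: action}, [duplicated keys])."""
    rules, dups = {}, []
    for line in text.splitlines():
        if not line.startswith("BadMX:"):
            continue                      # comments, blanks, other prefixes
        parts = line[len("BadMX:"):].split(None, 1)
        if len(parts) != 2:
            continue                      # entry without an action: skip it
        key = parts[0].lower()
        if key in rules:
            dups.append(key)
        rules[key] = parts[1].strip()
    return rules, dups

def match_mx(rules, mx_host, mx_ip):
    """Return (key, action) for the first matching entry, else None.
    Assumed semantics: IPs match on octet prefixes, names on label suffixes."""
    octets = str(ipaddress.IPv4Address(mx_ip)).split(".")
    labels = mx_host.rstrip(".").lower().split(".")
    candidates = [".".join(octets[:n]) for n in range(4, 0, -1)]
    candidates += [".".join(labels[i:]) for i in range(len(labels))]
    for key in candidates:
        if key in rules:
            return key, rules[key]
    return None

def uncovered_172(rules):
    """List 172.16-172.31 prefixes (RFC 1918 172.16/12) with no entry."""
    return [f"172.{n}" for n in range(16, 32) if f"172.{n}" not in rules]

if __name__ == "__main__":
    rules, dups = load_badmx(POLICY)
    print(match_mx(rules, "mx1.client.comcast.com", "203.0.113.9"))
    print(match_mx(rules, "mail.example.org", "10.1.2.3"))
    print("duplicates:", dups, "uncovered:", uncovered_172(rules))
```
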

Since the list of unallocated IANA networks changes over time, you should update it from time to time. You can use get-iana, installed in /var/ze-filter/bin, to update this data. The update looks something like this:
# cd /var/ze-filter/cdb
# ../bin/get-iana > ze-policy.z-iana.txt
# make
doc/spam/bad_sender_mx.txt · Last modified: 2018/02/09 15:59 by 127.0.0.1
CC Attribution-Noncommercial-Share Alike 4.0 International