[62544] in North American Network Operators' Group
Re: Kill Verisign Routes :: A Dynamic BGP solution
daemon@ATHENA.MIT.EDU (Damian Gerow)
Thu Sep 18 18:58:55 2003
Date: Thu, 18 Sep 2003 18:58:13 -0400
From: Damian Gerow <damian@sentex.net>
To: nanog@nanog.org
In-Reply-To: <Pine.LNX.4.44.0309182250080.23345-100000@serv1.thn>
Errors-To: owner-nanog-outgoing@merit.edu
Thus spake Stephen J. Wilcox (steve@telecomplete.co.uk) [18/09/03 18:54]:
> So totallymadeupdomain.com now resolves but is unreachable. That will prevent
> you from bouncing emails to non-existent domains immediately..
FWIW, the latest versions of postfix have code in them to block connects
from explicitly listed hosts:
New check_{helo,sender,recipient}_{ns,mx}_access maptype:mapname
restriction that applies the specified access table to the NS or
MX hosts of the host/domain given in HELO, EHLO, MAIL FROM or RCPT
TO commands.
This can be used to block mail from so-called spammer havens, or
from sender addresses that resolve to Verisign's wild-card mail
responder, currently at IP address 64.94.110.11.
- Damian
