G
Guest
Guest
Archived from groups: microsoft.public.win2000.dns (More info?)
I have searched high and low and have yet to see a clear concise
answer to the question of whether a Windows 2000 DNS Server could be
used to host a DNS Blacklist/Blocklist service. I already subscribe
to publicly available blocklists and they do a good job of keeping our
SPAM down. My greatest remaining problem is dealing with the hordes
of virus infected emails coming in. We have AV software which
catches, and then automatically deletes infected messages. When time
permits I also try and track down the source of the infection using
SMTP logs and notify the associated abuse department. However I find
that many times my complaint is not acted upon, or it may take quite
some time (weeks) before the problem is addressed. I would like to
create a DNS blacklist that I host locally, that I can update with the
IP address of systems which I know are infected. Then I could
instruct Exchange 2003 to simply drop the connection from these known
infected hosts rather than accepting the virus infected email. I have
thought about using Global Deny IP lists instead of a DNSBL but there
is one drawback. The global deny list works, and quite well
especially if combined with a programmatic tool to add/delete members
from the list but the connecting system is simply dropped, it is not
notified that there was a problem. DNSBLs on the other hand return an
error code to the attempted sender. Granted I understand that a virus
SMTP agent would not accept these errors, but it would be helpfull
that if the client actually tried to send legitamte email, they would
recieve a warning back from the DNSBL system stating that delivery
failed because of known virus infection.
Here is what I have:
Windows 2000 SP3 Server hosting DNS for the local domain
Exchange 2003 on a seperate Windows 2000 SP3 box hosting email for the
local domain
Here is what I would like to have happen:
'Host A' sends infected email to our domain
Antivirus system picks up on infection deletes email
Administrator tracks down source IP address related to infected
message
Administrator adds IP address to DNSBL residing on local WIndows 2000
DNS server
'Host A' attempts to send infected email
Exchange queries local DNSBL, finds IP exists, returns error message
like the following:
550 5.x.x Sender denied, known virus infected host. If you feel this
is an error or if the virus infection has been cleaned contact
xxxxxxxx to have your system removed from our block list.
Does anyone know if this is possible?
Could anyone show me the proper format for the DNS entries that would
need to be made for this to work?
Thanks,
Troy Forsythe
I have searched high and low and have yet to see a clear concise
answer to the question of whether a Windows 2000 DNS Server could be
used to host a DNS Blacklist/Blocklist service. I already subscribe
to publicly available blocklists and they do a good job of keeping our
SPAM down. My greatest remaining problem is dealing with the hordes
of virus infected emails coming in. We have AV software which
catches, and then automatically deletes infected messages. When time
permits I also try and track down the source of the infection using
SMTP logs and notify the associated abuse department. However I find
that many times my complaint is not acted upon, or it may take quite
some time (weeks) before the problem is addressed. I would like to
create a DNS blacklist that I host locally, that I can update with the
IP address of systems which I know are infected. Then I could
instruct Exchange 2003 to simply drop the connection from these known
infected hosts rather than accepting the virus infected email. I have
thought about using Global Deny IP lists instead of a DNSBL but there
is one drawback. The global deny list works, and quite well
especially if combined with a programmatic tool to add/delete members
from the list but the connecting system is simply dropped, it is not
notified that there was a problem. DNSBLs on the other hand return an
error code to the attempted sender. Granted I understand that a virus
SMTP agent would not accept these errors, but it would be helpfull
that if the client actually tried to send legitamte email, they would
recieve a warning back from the DNSBL system stating that delivery
failed because of known virus infection.
Here is what I have:
Windows 2000 SP3 Server hosting DNS for the local domain
Exchange 2003 on a seperate Windows 2000 SP3 box hosting email for the
local domain
Here is what I would like to have happen:
'Host A' sends infected email to our domain
Antivirus system picks up on infection deletes email
Administrator tracks down source IP address related to infected
message
Administrator adds IP address to DNSBL residing on local WIndows 2000
DNS server
'Host A' attempts to send infected email
Exchange queries local DNSBL, finds IP exists, returns error message
like the following:
550 5.x.x Sender denied, known virus infected host. If you feel this
is an error or if the virus infection has been cleaned contact
xxxxxxxx to have your system removed from our block list.
Does anyone know if this is possible?
Could anyone show me the proper format for the DNS entries that would
need to be made for this to work?
Thanks,
Troy Forsythe