Messaging Gateway

  • 1.  Blacklist or Whitelist email using Reverse DNS IP Hostnames

    Posted Mar 29, 2010 10:51 AM
    Hi,

    I was using IBM Domino as my mail gateway, and I was able to block incoming mail using reverse DNS names.

    For example, the IP 69.63.184.110 has a reverse DNS set to "outmail010.ash1.tfbnw.net"

    In IBM Domino I was able to include "tfbnw.net" in the field "Blacklist the following hosts:"

    That way, every email sent by Facebook was blocked, as all their mail servers have a reverse DNS that ends with "tfbnw.net"

    In SBG 9.0, is there a way to do this?
    Looks like I can only block by IP or by domain names...

    Same question if I would like to whitelist all mail servers that have a reverse DNS that ends with a specific company name. For example, "yahoo.com"

    Thanks,

    Steve


  • 2.  RE: Blacklist or Whitelist email using Reverse DNS IP Hostnames

    Posted Mar 29, 2010 11:30 AM

    In 8.x and above: Reputation, Bad Senders, Local Bad Sender Domains, add, *.tfbnw.net

    This isn't exactly what you asked for since it's looking at the envelope sender.

    You could also use Local Bad Sender, Bad Sender IPs and provide CIDR range(s).


  • 3.  RE: Blacklist or Whitelist email using Reverse DNS IP Hostnames

    Posted Mar 29, 2010 01:13 PM
    Yeah, I know I could blacklist using the envelope sender, but as you know, the envelope sender is often forged or changed to match anything else.
    For example, some messages from Facebook will have the from name picked from the user's profile email address. It could be his real company name, or his personal address. I only want to block email that comes from Facebook.

    Blocking IP addresses is possible, but it is not always easy to find all the domain IPs a company is using (CIDR)... Some companies use more than one network as a failover.
    So if you know they followed a pattern in their reverse DNS to identify them, it is a lot easier to block.

    In my opinion Brightmail should have something for that...

    Another example:
    You want to whitelist a company's mail server. Their mail server is using IP 123.123.123.123 and a reverse DNS set to "mail.thatcompany.com".
    If you whitelist "mail.thatcompany.com" and later that company has to change their ISP, they will get a new IP and your configuration will still work.


  • 4.  RE: Blacklist or Whitelist email using Reverse DNS IP Hostnames

    Posted Mar 29, 2010 02:04 PM

    Agreed. My conversations with Symantec show that rDNS is only used in logging. Something for the Idea section.
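
The reverse-DNS suffix matching discussed in this thread, as an added example that is not part of any post and is not Symantec or Domino code. It uses only Python's standard `socket` module; the function names, the verdict strings and the two extra sample rows are assumptions made for illustration, and allow decisions additionally require the PTR name to resolve back to the connecting IP.

```python
import socket

def suffix_match(hostname, suffixes):
    """Match on a DNS label boundary, so 'tfbnw.net' does not match 'nottfbnw.net'."""
    host = hostname.rstrip(".").lower()
    return any(host == s or host.endswith("." + s)
               for s in (x.strip(".").lower() for x in suffixes))

def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; None if there is no rDNS."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward (A/AAAA) lookup; returns the set of addresses the name resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def classify(ip, blocklist, allowlist, ptr=system_ptr, forward=system_forward):
    name = ptr(ip)
    if not name:
        return "no-rdns"
    if suffix_match(name, blocklist):
        return "block"
    if suffix_match(name, allowlist):
        # The PTR record is set by whoever controls the IP's reverse zone, so an
        # allow decision also requires the name to resolve back to the same IP.
        return "allow" if ip in forward(name) else "unconfirmed"
    return "neutral"

# Constructed sample data (hostnames and IPs from the thread, plus two made-up rows).
SAMPLE_PTR = {
    "69.63.184.110": "outmail010.ash1.tfbnw.net",
    "123.123.123.123": "mail.thatcompany.com",
    "203.0.113.9": "mail.thatcompany.com",      # constructed: PTR claims the name
    "198.51.100.7": "mx.nottfbnw.net",          # constructed: look-alike suffix
}
SAMPLE_A = {"mail.thatcompany.com": {"123.123.123.123"}}

def demo():
    fwd = lambda n: SAMPLE_A.get(n, set())
    return {ip: classify(ip, ["tfbnw.net"], ["thatcompany.com"], SAMPLE_PTR.get, fwd)
            for ip in list(SAMPLE_PTR) + ["192.0.2.1"]}

if __name__ == "__main__":
    for ip, verdict in demo().items():
        print(ip, verdict)
```

With the default resolvers, `classify(ip, blocklist, allowlist)` performs live DNS lookups; the `demo()` function uses the embedded tables so it runs offline.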