Posted to users@spamassassin.apache.org by wolfgang <me...@gmx.net> on 2005/11/05 00:50:19 UTC

resolve URI domain to IP and match that?

after a wave of spam mails two days ago, today there was a new wave 
advertising a different URI that resolves to the same IP.

is there a built-in possibility in SA (3.0.4) to resolve a URI's domain to an 
IP and match that against a known IP, let's say 1.2.3.4 and thus score any 
hostname/domain that resolves to that IP?

cheers,

wolfgang

Re: resolve URI domain to IP and match that?

Posted by Matt Kettler <mk...@comcast.net>.
At 06:50 PM 11/4/2005, wolfgang wrote:
>after a wave of spam mails two days ago, today there was a new wave
>advertising a different URI that resolves to the same IP.
>
>is there a built-in possibility in SA (3.0.4) to resolve a URI's domain to an
>IP and match that against a known IP, let's say 1.2.3.4 and thus score any
>hostname/domain that resolves to that IP?

Not a good idea... it's a known DoS vulnerability.

This gives the spammer the opportunity to slow down your mailserver by 
flooding it with emails containing unresolvable URIs, forcing a DNS timeout 
for each. Worse still, they could deliberately feed back CNAME recursions 
that go all over the place, adding DNS load.

Admittedly the URIDNSBL plugin limits the number of URIs per message, but 
a spammer could intentionally add a LOT of load to your system this way.
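
Added example, not part of the thread and not SpamAssassin code: the lookup asked about above, with the per-message bounds that contain the DNS-timeout cost described in the reply (a cap on hosts, a per-lookup timeout and a total time budget). All names are hypothetical; `resolve` is an injected callable, and `FakeDNS` and `SAMPLE` are constructed so the block runs offline.

```python
import re
import time
from urllib.parse import urlsplit

URI_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def uri_hosts(body, max_hosts):
    """Unique URI hostnames in order of appearance, capped at max_hosts."""
    hosts = []
    for m in URI_RE.finditer(body):
        try:
            host = (urlsplit(m.group(0)).hostname or "").rstrip(".").lower()
        except ValueError:          # malformed authority, e.g. a broken [v6] literal
            continue
        if host and host not in hosts:
            hosts.append(host)
        if len(hosts) >= max_hosts:
            break
    return hosts

def match_known_ips(body, bad_ips, resolve, clock=time.monotonic,
                    max_hosts=5, per_lookup=1.0, budget=2.0):
    """Return (hits, skipped): hosts resolving into bad_ips, and hosts never looked up."""
    deadline = clock() + budget
    hits, skipped = [], []
    for host in uri_hosts(body, max_hosts):
        remaining = deadline - clock()
        if remaining <= 0:          # budget spent: give up rather than stall the scan
            skipped.append(host)
            continue
        try:
            ips = resolve(host, min(per_lookup, remaining))
        except OSError:             # timeout or NXDOMAIN: no hit, time already charged
            continue
        hits.extend((host, ip) for ip in ips if ip in bad_ips)
    return hits, skipped

class FakeDNS:
    """Constructed resolver stand-in with a simulated clock, so the demo runs offline."""
    def __init__(self, table):
        self.table, self.now, self.calls = table, 0.0, 0
    def clock(self):
        return self.now
    def resolve(self, host, timeout):
        self.calls += 1
        if host not in self.table:  # unresolvable name burns the whole timeout
            self.now += timeout
            raise OSError("timed out")
        self.now += 0.25
        return self.table[host]

# Constructed message body: one resolvable host, then a flood of dead ones.
SAMPLE = "http://new-pills.example/buy " + " ".join(
    f"http://dead{i}.example/" for i in range(1, 11))
```

With the constructed body, eleven URIs cost three lookups and exactly the two-second budget; the hosts that were never resolved are reported in `skipped` so a caller can see the check was incomplete.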