DNS Expert

Re: DNS Expert

From:

Date:

Time:

At 4:02 PM -0600 2/17/2000, Mia's Virtual Post Office wrote:
>Men & Mice Support said:
>
>>At 9:56 AM -0500 2/17/2000, Allan Reichert wrote:
>>>On Thursday, February 17, 2000, Mark@pageworks.co.uk wrote:
>>> >I friend of mine was ribbing me as usual about how wonderful
>>> >Windows is and how sad the Mac is and all the great tools he's
>>> >got on Windows.
>>> >
>>> >So while he sat next to me I ran DNS Expert on his domain, and
>>> >all the errors it uncovered soon shut him up!
>>> >
>>> >We then ran it on microsoft.com, I expected it to be near
>>> >perfect. But it was far from it, with DNS Expert reporting dns
>>> >servers being vunerable to spoofing and mail servers being
>>> >vunerable to mail relaying.
>>>
>>>Here, Here!!! �I have done the same kind of thing here in the US
>>>with MediaOne, a very large national cable/Internet Service
>>>Provider. �They accused us (a fully-networked school system running
>>>ALL services on Macs) of having problems related to e-mail. �I
>>>tested their DNS system with DNS Expert and uncovered 23 printed
>>>pages of errors, including MX and DNS records pointing to devices
>>>that were not providing these services.
>>>
>>>Armed with this info, I was able to force them to correct most of
>>>the problems. �While I was at it, I enquired what platform they
>>>administrated from. � Since they indicated Windows, I turned them on
>>>the Windows version of DNS Expert, so that they could check and
>>>maintain things themselves.
>>>
>>>Excellent work, Men&Mice!!!
>>
>>Thanks for your comments, both of you.
>>
>>BTW: Microsoft contacted us about DNS Expert, specifically about why
>>it says their server is spoofable, given that they claim to have
>>fixed that in SP4. We explained that DNS Expert actually performs a
>>spoofing attack to get its results. They did some testing of their
>>own, and determined that, while they had in fact created a fix for
>>the problem, the fix was turned off by default.
>>
>>There's now a page in their knowledge base database explaining how to
>>enable this fix.
>
>Interesting Chris.. The only other thing that concerns me is that they
>have 5 mail servers, all of which show up as having open Relays? I was
>under the impression that this was a big NO, NO.

[...]

>I am going off topic here, and I digress, but wouldn't it be wise of MS
>to close those relays? It is irresponsible companies and admins like
>that, that allow spam to flow.

There are different ways to stop relaying, and not all of them will appear to pass DNS Expert's test.

For example, Pacific Bell has a mail server that is specifically designed to be used as a relay server for their dedicated-line customers. It's called smtp-relay.pbi.net. If you attempt to send mail through it, it will accept that mail. However, if neither sender nor recipient are in one of the domains belonging to their customers, that message will be bounced.

So smtp-relay.pbi.net isn't an open relay, though DNS Expert will accuse it of being so. I'm not saying that the 5 apparent open relays owned by Microsoft are configured this way, but it certainly is possible.

This is an example of why no tool is perfect. If we had DNS Expert actually try to relay a test message through every tested mail server, we'd have to set up a special mail server where DNS Expert could find its results. Also, we'd have created a potential tool for a DOS attack. So we won't do that. Instead, we have it go through all the steps of sending a test message, without actually sending a message.
____________________________________________________________________
Chris Buxton cbuxton@menandmice.com
Men & Mice http://www.menandmice.com
Makers of: QuickDNS Pro

Sales:
888/4-DPOINT

Support:
858/452-3696