On exim-users dcinege@??? wrote: >Paul Walsh wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I've been asked by "upstairs" if it's possible, when rejecting mail
>> on the basis of a failed reverse-DNS lookup, to send a message back
>> to the originator explaining why the mail has been rejected and
>
>It is anal retentive
Your problem.
>and I believe a violation of RFC to do this.
No. You can refuse mail for any reason you choose, including
the phase of the moon and the price of water in Alaska relative
to the price of sand in the Sahara. Refusing mail because the
sending host refuses to be identified is a better reason than
most.
>Not all of us can afford to buy connections that we can get rev-res control.
You don't need control, just a reverse DNS. If you get an IP
address that does not resolve to a DNS name that resolves to
your IP address, that's just plain incompetence on the part of a
network administrator.
When I set up a class C (admittedly I've only done it once) I
make everything resolve forwards and backwards with a generic
name+number, including not-yet-used addresses. No more
problems.
What do you care that your address reverse resolves to
host123-54.someisp.com? As long as it resolves?
I recently got a permanent IP address for personal use, and my
contact who didn't know what rDNS was said uh, no, they can't do
that, it costs money, they have to go to RIPE (European ARIN).
It was bunk, of course, since they provided rDNS for other
addresses in the same class C. I dug(!) up the NS, determined
the machine type, and told them that on $MACHINE, in a file very
probably named $DIR/$FILE, you add $LINE, and then you kill -HUP
named. "They" apparently said "ooh, is it that simple", and did
it.
I didn't say that given the type of machine and the versions of
the daemons, anyone with the time an inclination to go looking
for script-kiddie recipes could have done it for them, that
might have been construed as a threat :-)