Re: [Exim] Prohibition message

Author: Peter Radcliffe
Date:  
To: exim-users
Subject: Re: [Exim] Prohibition message
Lorens Kockum <lk-m-exim@???> probably said:
> Your problem.


The problem of whoever can't get mail.

> to the price of sand in the Sahara. Refusing mail because the
> sending host refuses to be identified is a better reason than
> most.


Reverse DNS is hardly an identification.

If, as you claim, it's easy to set reverse DNS or get it set, then
it's easy to have it as whatever you want it to be. This could be in
one of a few dozen domains for me (not all of which are mine) - where
is the identification ?

> You don't need control, just a reverse DNS. If you get an IP
> address that does not resolve to a DNS name that resolves to
> your IP address, that's just plain incompetence on the part of a
> network administrator.


*sigh*
Sometimes this just isn't possible. Desirable, yes.

Sometimes it hasn't been done yet when you _have_ to get a new mail
server into place right now anyway. Sometimes the person who controls
the reverse DNS is incompetent. So what ? What does this have to do
with the person running the mail server on that network ?

> When I set up a class C (admittedly I've only done it once) I
> make everything resolve forwards and backwards with a generic
> name+number, including not-yet-used addresses. No more
> problems.


I define reverse DNS as needed, as do most people.

A new record can appear pretty much instantly, but changing something
that has been cached can take far longer.

> What do you care that your address reverse resolves to
> host123-54.someisp.com? As long as it resolves?


So if everyone did this, because it's apparently so easy, what point
is there to blocking hosts without reverse DNS ?

> It was bunk, of course, since they provided rDNS for other
> addresses in the same class C. I dug(!) up the NS, determined
> the machine type, and told them that on $MACHINE, in a file very
> probably named $DIR/$FILE, you add $LINE, and then you kill -HUP
> named. "They" apparently said "ooh, is it that simple", and did
> it.


Sometimes "They" can go "huh ?" when you tell them what to do on what
machine, because "They" don't actually know anything about running
machines, don't run that machine and won't let you talk to (or even
know who) the people who actually run that machine.

Welcome to the real world.

Reverse/forward DNS matching is nice and _should_ be reasonable for
all active machines. Unfortunately it isn't true for all machines
where valid mail comes from. If you choose to drop valid mail, that's
your decision but none of your arguments really make any sense to me.

P.

-- 
pir                  pir@???                    pir@???