Re: [Exim] Prohibition message

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: exim-users
Subject: Re: [Exim] Prohibition message
On Tue, 14 Mar 2000, Peter Radcliffe wrote:

> I define reverse DNS as needed, as do most people.


We define it always. Period. (And run software - makezones - that
insists on it.)

> So if everyone did this, because it's apparently so easy, what point
> is there to blocking hosts without reverse DNS ?


I think you may be missing the point here. People aren't blocking hosts
without DNS directly; they are getting blocked because people want to
block hosts using wild card names. For example

host_reject_recipients = *.well.known.spammer.domain

is easier to set up than finding out all the network addresses of that
domain. However, if you have any blocks like this, Exim has to do a
reverse DNS lookup in order to find out the sending host's name, in
order to do the wildcard match. If it can't find out the name, it has no
option but to block, just in case. That's what's happened in a lot of
these cases.

> Reverse/forward DNS matching is nice and _should_ be reasonable for
> all active machines. Unfortunately it isn't true for all machines
> where valid mail comes from. If you choose to drop valid mail, that's
> your decision but none of your arguments really make any sense to me.


I hope my explanation has helped.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.