On exim-users pir@??? wrote:
>Lorens Kockum <lk-m-exim@???> probably said:
>> [snipped]
>
>Reverse DNS is hardly an identification.
Hmmm. It permits identifying a person or persons responsible
for the machine with much better granularity than a whois or a
traceroute.
>If, as you claim, it's easy to set reverse DNS or get it set, then
Well, not really. I argue that it is reasonable to demand that
one's IP address have a valid reverse. Setting it to something
customer-specific can be something else.
>Sometimes it hasn't been done yet when you _have_ to get a new mail
>server into place right now anyway. Sometimes the person who controls
>the reverse DNS is incompetent. So what ? What does this have to do
>with the person running the mail server on that network ?
Guilt by association :-) (I do see what you mean. In my own case
I wasn't about to go cracking into my ISP DNS server if they
refused to set it up. I just might have gone elsewhere, though,
with the exact argument that my mail might be refused by other
machines.)
>A new record can appear pretty much instantly, but changing something
>that has been cached can take far longer.
That's the first really good argument I've ever heard for not
defining rDNS for everything everywhere.
>> What do you care that your address reverse resolves to
>> host123-54.someisp.com? As long as it resolves?
>
>So if everyone did this, because it's apparently so easy, what point
>is there to blocking hosts without reverse DNS ?
You don't have a reasonably reliable contact address for the IP.
>Sometimes "They" can go "huh ?" when you tell them what to do on what
>machine, because "They" don't actually know anything about running
>machines, don't run that machine and won't let you talk to (or even
>know who) the people who actually run that machine.
>
>Welcome to the real world.
:-) Yep. I'm lucky they reacted as they did and not in one of
the ways you describe. You get what you pay for, I suppose.
>Reverse/forward DNS matching is nice and _should_ be reasonable for
>all active machines. Unfortunately it isn't true for all machines
>where valid mail comes from. If you choose to drop valid mail, that's
Not drop -- never drop. Never. Only refuse.
>your decision but none of your arguments really make any sense to me.
The applicable reasons are 1) doesn't have a reasonably valid
contact address 2) comes from a network administered in a way
that casts doubts on the competence of the administrators.
Slim, I agree (but miles better than refusing MAIL FROM:<> :-)).
For what it's worth, I don't refuse mail from IPs w/o rDNS (I
was not the original poster). I don't need that in my arsenal
of anti-spam tools. I do, however, understand and sympathize
with those who are willing to take any measure to reduce the
amount of spam they get, and who can't do better.