Re: [Exim] Verisign pulls a fast one

Author: Chris Edwards
Date:  
To: exim-users
Subject: Re: [Exim] Verisign pulls a fast one
|
| The ACL looks good, then.

|

I must be missing something - why all this talk of complicated dnsdb ACLs,
and worrying over domains with no MX etc ??

As the original poster (Gary) suggested, you can just drop the offending
IP into ignore_target_hosts in dnslookup router(s):

  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 10.0.0.0/8 : 169.254.0.0/16 :\
                        172.16.0.0/12 : 192.168.0.0/16 : 64.94.110.0/24


This will mean two things:

(1) When our users mail a non-existent domain, our mailers will
authoritatively fail the message, (as we have always done). This is
preferable to us connecting to the stub SMTP server on a Verisign box.

(2) When a spammer spams us from a non-existent domain, the sender_verify
logic will discard the bogus A record pointing at 64.94.110.11 and thus
sender domain verification will positively fail, like it used to.

As far as I can tell, this neatly brings back normal service.

Or not ?

--
Chris Edwards, Glasgow University Computing Service
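
Added example, not part of the original message and not Exim's own code: a simplified Python model of what the `ignore_target_hosts` list above does to the addresses a dnslookup router finds, covering both cases in the message. The function names and the sample DNS answers are constructed for illustration; the model handles IPv4 entries only and treats "every host discarded" as a failed address, which assumes no later router picks the domain up.

```python
import ipaddress

# The list from the message, with the backslash-continued lines joined.
IGNORE_TARGET_HOSTS = (
    "0.0.0.0 : 127.0.0.0/8 : 10.0.0.0/8 : 169.254.0.0/16 : "
    "172.16.0.0/12 : 192.168.0.0/16 : 64.94.110.0/24"
)

# Constructed sample DNS answers (not real lookups).
SAMPLE_DNS = {
    "no-such-domain.example.com": ["64.94.110.11"],    # wildcard answer
    "real.example.org": ["192.0.2.25"],                # ordinary mail host
    "mixed.example.net": ["10.1.2.3", "198.51.100.7"], # one private, one public
}


def parse_host_list(text):
    """Parse a colon-separated list of IPv4 addresses and CIDR blocks."""
    items = (item.strip() for item in text.split(":"))
    return [ipaddress.ip_network(item) for item in items if item]


def usable_hosts(addresses, ignore_list):
    """Drop every address that falls inside an ignored network."""
    nets = parse_host_list(ignore_list)
    return [
        addr for addr in addresses
        if not any(ipaddress.ip_address(addr) in net for net in nets)
    ]


def route(domain, dns, ignore_list=IGNORE_TARGET_HOSTS):
    """Return ("deliver", hosts), or ("fail", []) when nothing usable is left.

    Used the same way for outbound routing and for sender verification:
    a domain whose only addresses are ignored looks as if it had no hosts.
    """
    hosts = usable_hosts(dns.get(domain, []), ignore_list)
    return ("deliver", hosts) if hosts else ("fail", [])


if __name__ == "__main__":
    for name in SAMPLE_DNS:
        print(name, route(name, SAMPLE_DNS))
```
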