Re: [Exim] forgery protection ACLs

Pàgina inicial
Delete this message
Reply to this message
Autor: Kevin Reed
Data:  
A: exim-users
Assumpte: Re: [Exim] forgery protection ACLs
Richard Welty said:
>
> 2003-12-09 07:16:00 H=[64.4.23.114] temporarily rejected EHLO or HELO
> hotmail.com: Access temporarily denied. Resolve failed PTR for
> 64.4.23.114
>
> which would be fine, except that 64.4.0.0/18 does actually belong
> to hotmail according to whois records.


Yep it does...

114.23.4.64.in-addr.arpa. IN PTR law15-f114.law15.hotmail.com.

Except your server is not getting that for some reason and Exim is seeing
that...

Note is says "Access temporarily denied".... It is not denying the
connection outright, it is saying it is unable to resolve the IP and is
temporarily denying the connection.... I'd guess it is getting either a
server failure message or Error condition rather than a NXDOMAIN.

An outright deny would be a reject:

2003-12-08 23:45:48 H=(compuserve.com) [62.108.181.177]
rejected EHLO or HELO compuserve.com:
HELO MISMATCH Forged HELO for (compuserve.com)

I'm guessing you were/are having a dns problem.. or perhaps hotmail was.

> so for those who have used these acls for a while, is this config
> blowing off legit hotmail users, or is it ok to ignore email from
> hotmail IPs w/o rDNS?


Hotmail does not have IP's without rDNS that I've seen, so the answer is
no. You are having a problem, I've only seen when your dns is messed up
or not available...


--
Kevin W. Reed - TNET Services, Inc.
Unoffical Exim MTA Info Forums - http://exim.got-there.com/forums