Re: [Exim] forgery protection ACLs

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Chris Edwards
日付:  
To: Richard Welty
CC: exim-users
題目: Re: [Exim] forgery protection ACLs
On Tue, 9 Dec 2003, Richard Welty wrote:

| well, i installed one of the recommended forgery protection ACLs,
| only to get the following:

|
| 2003-12-09 07:10:02 H=[64.4.47.24] temporarily rejected EHLO or HELO hotmail.com: Access temporarily denied. Resolve failed PTR for 64.4.47.24
| 2003-12-09 07:10:09 H=[64.4.8.80] temporarily rejected EHLO or HELO hotmail.com: Access temporarily denied. Resolve failed PTR for 64.4.8.80
| 2003-12-09 07:10:21 H=[64.4.15.109] temporarily rejected EHLO or HELO hotmail.com: Access temporarily denied. Resolve failed PTR for 64.4.15.109
| 2003-12-09 07:11:57 H=[64.4.8.84] temporarily rejected EHLO or HELO hotmail.com: Access temporarily denied. Resolve failed PTR for 64.4.8.84
| 2003-12-09 07:12:07 H=[64.4.8.87] temporarily rejected EHLO or HELO hotmail.com: Access temporarily denied. Resolve failed PTR for 64.4.8.87
| 2003-12-09 07:13:26 H=[64.4.14.15] temporarily rejected EHLO or HELO hotmail.com: Access temporarily denied. Resolve failed PTR for 64.4.14.15
| 2003-12-09 07:15:06 H=[64.4.9.68] temporarily rejected EHLO or HELO hotmail.com: Access temporarily denied. Resolve failed PTR for 64.4.9.68
| 2003-12-09 07:16:00 H=[64.4.23.114] temporarily rejected EHLO or HELO hotmail.com: Access temporarily denied. Resolve failed PTR for 64.4.23.114

|
| which would be fine, except that 64.4.0.0/18 does actually belong
| to hotmail according to whois records.


For what its worth we've had mail from some of those IPs in recent days,
and all the PTR lookups _have_ worked.

I do recall in the past getting genuine "hot" mail from an IP with no PTR,
and this was reproducible - they'd clearly forgotten to register it.

That was a while ago. A quick trawl thru recent logs shows that the few
messages we've accepted from hotmail senders with unregistered IPs have
all been spam, with the IPs not belonging to hotmail. So we're
considering adding this test.

Then again, all these forgeries (only a handful in total) could trivially
have been repulsed on the grounds of the HELO not being the expected
"hotmail.com".


--
Chris Edwards, Glasgow University Computing Service