RE: [Exim] forgery protection ACLs

Author: Rick Cooper
Date:  
To: exim-users
Subject: RE: [Exim] forgery protection ACLs

> -----Original Message-----
> From: exim-users-admin@??? [mailto:exim-users-admin@exim.org]On
> Behalf Of Richard Welty
> Sent: Tuesday, December 09, 2003 1:21 AM
> To: exim-users@???
> Subject: [Exim] forgery protection ACLs
>
>
> well, i installed one of the recommended forgery protection ACLs,
> only to get the following:
>
> 2003-12-09 07:10:02 H=[64.4.47.24] temporarily rejected EHLO
> or HELO hotmail.com: Access temporarily denied. Resolve
> failed PTR for 64.4.47.24
> 2003-12-09 07:10:09 H=[64.4.8.80] temporarily rejected EHLO
> or HELO hotmail.com: Access temporarily denied. Resolve
> failed PTR for 64.4.8.80
> 2003-12-09 07:10:21 H=[64.4.15.109] temporarily rejected EHLO
> or HELO hotmail.com: Access temporarily denied. Resolve
> failed PTR for 64.4.15.109
> 2003-12-09 07:11:57 H=[64.4.8.84] temporarily rejected EHLO
> or HELO hotmail.com: Access temporarily denied. Resolve
> failed PTR for 64.4.8.84
> 2003-12-09 07:12:07 H=[64.4.8.87] temporarily rejected EHLO
> or HELO hotmail.com: Access temporarily denied. Resolve
> failed PTR for 64.4.8.87
> 2003-12-09 07:13:26 H=[64.4.14.15] temporarily rejected EHLO
> or HELO hotmail.com: Access temporarily denied. Resolve
> failed PTR for 64.4.14.15
> 2003-12-09 07:15:06 H=[64.4.9.68] temporarily rejected EHLO
> or HELO hotmail.com: Access temporarily denied. Resolve
> failed PTR for 64.4.9.68
> 2003-12-09 07:16:00 H=[64.4.23.114] temporarily rejected EHLO
> or HELO hotmail.com: Access temporarily denied. Resolve
> failed PTR for 64.4.23.114
>
> which would be fine, except that 64.4.0.0/18 does actually belong
> to hotmail according to whois records.
>
> so for those who have used these acls for a while, is this config
> blowing off legit hotmail users, or is it ok to ignore email from
> hotmail IPs w/o rDNS?
>


I haven't had problems with this type of block, but when I check the
hosts listed above I find they all resolve:

host 64.4.14.15
15.14.4.64.in-addr.arpa domain name pointer law10-oe43.law10.hotmail.com.

So perhaps they were having issues with their name servers?

The other thing I noticed in the ACL is that a blank hostname triggers the
defer portion as well as a lookup failure does. Your log shows
H=[64.4.9.68]: I don't see a host entry or parenthetic host name entry,
just the IP (not even an H=([64.4.9.68])).

Try:
message   = Access temporarily denied. Cannot resolve PTR record for \
        $sender_host_address ($sender_host_name)
as the log message and see what hostname you get.


Rick
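
An added example (not part of the original message, and not Exim's own code): a small log triage script that separates the H= forms discussed above (bare IP, HELO name in parentheses, verified host name) and reads the host name printed by the suggested message. The 192.0.2.x lines, the helper names and the labels are constructed for illustration.

```python
import re
from collections import Counter

# Exim's H= log field: optional verified host name, optional unverified
# HELO name in parentheses, then the peer IP in square brackets.
H_FIELD = re.compile(
    r"H=(?:(?P<name>[^\s()\[\]]+) )?(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>[^\]]+)\]")
HELO_REJECT = re.compile(r"temporarily rejected EHLO or HELO (?P<arg>\S+):")
# Text written by the message suggested in the reply: "... for <ip> (<name>)"
PTR_MSG = re.compile(r"Cannot resolve PTR record for \S+ \((?P<name>[^)]*)\)")

def parse_host(line):
    """Return the name, helo and ip parts of the H= field, or None."""
    m = H_FIELD.search(line)
    return m.groupdict() if m else None

def classify(line):
    """Label a temporary HELO rejection by what the log reveals about the host name."""
    host = parse_host(line)
    if host is None or not HELO_REJECT.search(line):
        return None
    ptr = PTR_MSG.search(line)
    if ptr is not None:  # the revised message prints $sender_host_name
        return "empty-name" if ptr["name"] == "" else "name-present"
    if host["name"]:
        return "verified-name"
    return "helo-only" if host["helo"] else "ip-only"

def summarize(lines):
    """Count temporary HELO rejections per (label, peer IP)."""
    counts = Counter()
    for line in lines:
        label = classify(line)
        if label:
            counts[(label, parse_host(line)["ip"])] += 1
    return counts

TAIL = "temporarily rejected EHLO or HELO hotmail.com: Access temporarily denied. "
SAMPLE = [
    # First two: entries from the quoted log, unwrapped.
    "2003-12-09 07:10:02 H=[64.4.47.24] " + TAIL + "Resolve failed PTR for 64.4.47.24",
    "2003-12-09 07:15:06 H=[64.4.9.68] " + TAIL + "Resolve failed PTR for 64.4.9.68",
    # Constructed: a rejection logged with the message suggested above, name empty.
    "2003-12-09 07:20:00 H=[192.0.2.10] " + TAIL + "Cannot resolve PTR record for 192.0.2.10 ()",
    # Constructed: a peer logged with only an unverified HELO name.
    "2003-12-09 07:21:00 H=(hotmail.com) [192.0.2.11] " + TAIL + "Resolve failed PTR for 192.0.2.11",
]

if __name__ == "__main__":
    for (label, ip), n in sorted(summarize(SAMPLE).items()):
        print(f"{n:3d}  {label:12s} {ip}")
```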