On Thursday, Jan 15, 2004, at 11:42 Europe/London, Rory Campbell-Lange
wrote:
> Is a test like this grounds for rejecting mail?
> I note that quite a few messagelabs servers don't reverse properly.
as you note not everyone has DNS == ip == rDNS so at this stage it's not
a good idea to reject all non-matching rDNS
only some (but which?) and defo others ... namely emails from sites
claiming to be MSN or Hotmail for instance
this was offered some time ago by some kind soul on the mail list
it takes into account failed or lagged dns lookups
I use it myself
(if there are any errors or omissions I would welcome corrections -
thanks)
###################
# modified variant to take account of delayed or missing dns servers
# Check ONLY certain HELOs against what their hostname is supposed to be

# acl_m9 = rDNS suffix expected for this HELO name; empty if the HELO is not listed
warn  set acl_m9 = ${lookup{$sender_helo_name} \
                   partial-lsearch{/etc/exim/helo_check} \
                   {${if eq{$value}{}{$sender_helo_name}{$value}}}{}}

# listed HELO, no reverse name, and the lookup has not definitely failed: retry later
defer condition = ${if eq{$acl_m9}{}{no}{yes}}
      condition = ${if eq{$sender_host_name}{}{yes}{no}}
      condition = ${if eq{$host_lookup_failed}{1}{no}{yes}}
      message   = Access temporarily denied. Cannot resolve PTR record for $sender_host_address

# listed HELO whose reverse name does not end in the expected suffix
drop  log_message = HELO MISMATCH Forged HELO for ($sender_helo_name)
      condition = ${if and { \
                    {!eq{$acl_m9}{}} \
                    {!match{$sender_host_name}{${rxquote:$acl_m9}\N$\N}} \
                  } \
                  {yes}{no}}
      # time values need a unit suffix
      delay = 30s
#
###################
the flat file can be like this
###################
#
$ cat /etc/exim/helo_check
mail.com
microsoft.com
hotmail.com
msn.com hotmail.com
compuserve.com
aol.com
outblaze.com
yahoo.com
yahoo.fr
yahoo.ca
yahoo.co.uk
#
###################
thus only emails claiming to be from the above listed domains are
checked for rDNS
hope this helps
Zaw
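
Added example (not part of the post above and not Exim code): a Python model of the three outcomes of the ACL, run over constructed connections. Assumptions: the table lookup is reduced to an exact match, and the `anchored` option is hypothetical, included to show how the posted suffix match treats a reverse name that merely ends in the listed string.

```python
import re

# Constructed subset of /etc/exim/helo_check: HELO name -> expected rDNS suffix.
# An empty value means "expect the HELO name itself", as in the warn statement.
HELO_CHECK = {"hotmail.com": "", "msn.com": "hotmail.com", "aol.com": ""}


def expected_suffix(helo):
    """Model of 'warn set acl_m9'. Assumption: exact-key lookup only."""
    key = helo.lower()
    if key not in HELO_CHECK:
        return ""
    return HELO_CHECK[key] or key


def verdict(helo, rdns_name, lookup_failed, anchored=False):
    """Return 'accept', 'defer' or 'drop' for one connection.

    rdns_name     -- reverse name, '' if none (stands in for $sender_host_name)
    lookup_failed -- True for a definite failure ($host_lookup_failed is 1)
    anchored      -- hypothetical option, not in the post: require the suffix
                     to start at the beginning of the name or after a dot
    """
    suffix = expected_suffix(helo)
    if not suffix:
        return "accept"  # HELO not listed, so the rule does not apply
    if not rdns_name and not lookup_failed:
        return "defer"   # DNS lagging or unreachable: sender retries later
    boundary = r"(^|\.)" if anchored else ""
    pattern = boundary + re.escape(suffix) + "$"
    return "accept" if re.search(pattern, rdns_name.lower()) else "drop"


# Constructed connections: (HELO, reverse name, definite lookup failure)
SAMPLES = [
    ("hotmail.com", "mail1.hotmail.com", False),
    ("msn.com", "bay0.hotmail.com", False),
    ("hotmail.com", "", False),
    ("hotmail.com", "", True),
    ("hotmail.com", "host.example.net", False),
    ("hotmail.com", "mx.nothotmail.com", False),
    ("example.org", "", True),
]

if __name__ == "__main__":
    for helo, rdns, failed in SAMPLES:
        print(helo, rdns or "-", failed,
              verdict(helo, rdns, failed), verdict(helo, rdns, failed, True))
```

The last two columns differ only for the sixth sample, which the suffix-only match accepts and the label-boundary match drops.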