Re: [Exim] Delay 220 greeting to reduce spam?

Top Page
Delete this message
Reply to this message
Author: Tor Slettnes
Date:  
To: woods
CC: Exim User's Mailing List
Subject: Re: [Exim] Delay 220 greeting to reduce spam?
On Thu, 2004-06-03 at 09:39, Greg A. Woods wrote:
> [ On Wednesday, June 2, 2004 at 21:33:47 (+0100), Andrew - Supernews wrote: ]
> It's long past time for you to fix your broken DNS Andrew!
>

[...]
> |------------------------- Failed addresses follow: ---------------------|
>  address 'andrew@???' failed:
>     inet_zone_bind_smtp transport reports unknown user:
> 550-Callback setup failed while verifying <woods@???>
> 550-Called:   204.92.254.15
> 550-Sent:     HELO trinity.supernews.net
> 550-Response: 501-fatal error while validating 'HELO' host name 'trinity.supernews.net'.
> 550-501-connection rejected from trinity.ranger.supernews.net remote address [216.168.1.22].
> 550-501-Reason given was:
> 550-501-  None of the existing reverse DNS PTRs for your remote address
> 550-501-  [216.168.1.22] has a hostname matching 'trinity.supernews.net'.  Your
> 550-501   reverse DNS is likely misconfigured
> 550-The initial connection, or a HELO or MAIL FROM:<> command was
> 550-rejected. Refusing MAIL FROM:<> does not help fight spam, disregards
> 550-RFC requirements, and stops you from receiving standard bounce
> 550-messages. This host does not accept mail from domains whose servers
> 550-refuse bounces.
> 550 Sender verify failed


Hmm. If you _require_ a two-way DNS match, you will miss out on a lot
of "legitimate" mail (from such places as Amazon, Yahoo, Hotmail,
etc..). And indeed, this is not how the Exim "verify = helo" works; it
merely verifies that _either_ of these conditions is met:
- the HELO name resolves to the calling IP, or
- the calling IP resolves to the HELO name.

Andrew satisifies the former of these two -- 'trinity.supernews.com'
resolves to 216.168.1.22 (plus another address).

-tor