Author: W B Hacker
Date:
To: exim users
Subject: Re: [exim] Rejecting directly connected customers at connect time

Andreas Pettersson wrote:
> W B Hacker wrote:
> *snip*
>>
>>OTOH, before we get this far, we have already dropped arrivals that do not pass
>>forward/reverse lookup, have no DNS entry at all, so don't have to check every
>>arrival against these lists. Far from it!
>>
>>
>
> God, I would love to have my setup like that. Unfortunately my users are
> receiving legit mail from far too many braindead mail server setups,
> and the morality among those admins is "It's working so why care about
> rdns?".
> Me rejecting them would result in something like "Hey, we have no
> problem sending mails to everyone else, it's your setup that is faulty".

Ah, well - the beauty of it is that they have no smtp-way of saying that to us
unless/until they fix the problem....

Plus - we point out that aware of it or not, they DO have a problem. Several
'major' ISPs will reject if they don't *at least* find an 'A' record, and a few
want to see a PTR as well.

One of our own servers ('A' but no 'PTR') hit *that* wall last year with traffic
to AOL, who are too big to ignore. Took us about five minutes by the wall clock
to get our upstream to add the PTR records. AFAIK, AOL have relaxed a bit, but
others way bigger than we are have also realized that this rule alone kills
nearly ALL zombies and most dynamic-IP MTA wannabes as well.

As to gripes:

For 'important' but non-technical customers who gripe, we 'VIP-pass' list,
seldom the whole network, usually just the specific distant correspondent, and
then only to a specific local destination. Both entries live in the same table,
but two searches seek different record types for an AND conditional.

Or get them to use a 'proper' account for traffic to us. Several far-end folks
have, for example, moved to gmail and like it, as it solved the same sort of
problem with *other* destinations.

For 'technically savvy' (and willing) we provide advice as to how to correct
their problem. Order a fixed IP and put up proper DNS, else use a host that does
have these. No-brainer, really.

For the head-in-rectal-defilade crowd?

Just what could one hope to accomplish with them anyway?
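
Added example (not part of the original message and not Exim configuration): a small Python model of the policy the message describes, a forward/reverse DNS match with a narrow 'VIP-pass' exception that needs both a sender row and a recipient row from one table. The DNS data, addresses, table layout and function names are all constructed assumptions, and the verdict is modelled per recipient because the exception depends on the envelope.

```python
import ipaddress

# Constructed DNS data (documentation address ranges, example domains).
PTR = {
    "192.0.2.10": ["mail.example.org."],   # PTR and matching A record
    "192.0.2.20": ["mx.example.net."],     # PTR exists, forward lookup disagrees
}                                          # 198.51.100.7 has no PTR at all
A = {
    "mail.example.org": ["192.0.2.10"],
    "mx.example.net": ["203.0.113.5"],
}

# Assumed layout of the single pass table: (record type, address) rows.
VIP_TABLE = {
    ("sender", "alice@partner.example"),
    ("rcpt", "sales@local.example"),
}


def fcrdns_ok(ip, ptr=PTR, a=A):
    """True if a PTR name for ip resolves forward to that same ip."""
    ip = str(ipaddress.ip_address(ip))  # normalise, reject malformed input
    names = (n.lower().rstrip(".") for n in ptr.get(ip, []))
    return any(ip in a.get(name, []) for name in names)


def vip_pass(sender, rcpt, table=VIP_TABLE):
    """Two searches of one table, ANDed: sender row and recipient row."""
    return ("sender", sender.lower()) in table and ("rcpt", rcpt.lower()) in table


def decide(ip, sender, rcpt):
    """Policy verdict for one recipient of one message."""
    if fcrdns_ok(ip):
        return "accept"
    if vip_pass(sender, rcpt):
        return "accept-vip"  # DNS still broken; exception is narrow
    return "reject"


if __name__ == "__main__":
    for case in [
        ("192.0.2.10", "bob@example.org", "info@local.example"),
        ("198.51.100.7", "alice@partner.example", "sales@local.example"),
        ("198.51.100.7", "alice@partner.example", "info@local.example"),
    ]:
        print(case, "->", decide(*case))
```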