Matt wrote:
> How many block connections with no reverse DNS? How much collateral
> damage is there with doing that? How do you set it up in Exim?
>
We block connections with missing rDNS but only from a specified list of
countries:
AR, BG, BR, BY, CL, CN, CZ, ES, FR, ID, IN, IT, KR, LV, MX, MY, PE, PH,
PL, RO, RU, TR, VN
The reject message clearly says what's wrong, and so far I haven't had
any issues that I'm aware of.
The setup:
    deny  !verify  = reverse_host_lookup
          dnslists = countries.blackholes.us=\
                     127.0.3.2,\
                     127.1.0.0,\
                     127.0.7.6,\
                     ...
          message  = your message goes here..
> Also, I heard some block IP addresses that look dynamic such as
> 127.0.0.1.myisp.com. How is that done?
>
With a regexp match against the connecting hostname.
However, here we don't match against a generic rDNS. Instead we take
action against more specific domain patterns, like

    deny condition = ${if match {$sender_host_name}{\N^c-.*\.comcast\.net$\N} {yes}{no} }

We have about 50 patterns listed that help keep much of the junk away.
--
Andreas
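
Added example, not part of the original post: a dry run that replays past connections against the two rules described above, to estimate rejects and collateral damage before the deny rules go live. It assumes each record already carries a country code and the verified rDNS name (None when reverse_host_lookup would fail); the records, the known-good set and the function names are constructed for illustration.

```python
import re

# Country list from the post: failed rDNS is rejected only for these.
NO_RDNS_COUNTRIES = set(
    "AR BG BR BY CL CN CZ ES FR ID IN IT KR LV MX MY PE PH PL RO RU TR VN".split()
)

# The single pattern shown in the post; the other ~50 are not on the page.
DYNAMIC_PATTERNS = [re.compile(r"^c-.*\.comcast\.net$")]


def verdict(country, rdns):
    """Return the name of the rule that would reject, or None if accepted."""
    if not rdns:
        # Models "!verify = reverse_host_lookup" combined with the country list.
        return "no-rdns" if country in NO_RDNS_COUNTRIES else None
    # DNS names are case-insensitive and may carry a trailing root dot.
    name = rdns.lower().rstrip(".")
    for pat in DYNAMIC_PATTERNS:
        if pat.search(name):
            return "pattern:" + pat.pattern
    return None


def dry_run(records, known_good):
    """Replay (ip, country, rdns) records. Returns reject counts per rule and
    the known-good senders that would have been rejected."""
    counts, collateral = {}, []
    for ip, country, rdns in records:
        rule = verdict(country, rdns)
        if rule is None:
            continue
        counts[rule] = counts.get(rule, 0) + 1
        if ip in known_good:
            collateral.append((ip, rule))
    return counts, collateral


# Constructed sample records using documentation address ranges, not real logs.
SAMPLE = [
    ("192.0.2.10", "BR", None),
    ("192.0.2.11", "DE", None),  # no rDNS, but country not on the list
    ("198.51.100.7", "US", "c-198-51-100-7.hsd1.ca.comcast.net"),
    ("198.51.100.8", "US", "mail.example.org"),
    ("203.0.113.5", "RU", None),
    ("203.0.113.9", "US", "C-203-0-113-9.hsd1.il.comcast.net."),
]
KNOWN_GOOD = {"203.0.113.5"}  # hypothetical partner relay without rDNS

if __name__ == "__main__":
    print(dry_run(SAMPLE, KNOWN_GOOD))
```

Any entry in the collateral list is a candidate for an accept rule placed ahead of the deny rules.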