Re: [exim] Blocking Users with No Reverse DNS

Author: Andreas Pettersson
Date:
CC: exim-users, Matt
Subject: Re: [exim] Blocking Users with No Reverse DNS
Matt wrote:
> How many block connections with no reverse DNS? How much collateral
> damage is there with doing that? How do you set it up in Exim?
>


We block connections with missing rDNS but only from a specified list of
countries:
AR, BG, BR, BY, CL, CN, CZ, ES, FR, ID, IN, IT, KR, LV, MX, MY, PE, PH,
PL, RO, RU, TR, VN

The reject message clearly says what's wrong, and so far I haven't had
any issues that I'm aware of.

The setup:

    deny    !verify = reverse_host_lookup
            dnslists = countries.blackholes.us=\
                       127.0.3.2,\
                       127.1.0.0,\
                       127.0.7.6,\
                       ...
            message = your message goes here..


> Also, I heard some block IP addresses that look dynamic such as
> 127.0.0.1.myisp.com. How is that done?
>


With a regexp match against the connecting hostname.
However here we don't match against a generic rDNS. Instead we take
action against more specific domain patterns, like

    deny    condition = ${if match {$sender_host_name}{\N^c-.*\.comcast\.net$\N} {yes}{no} }


We have about 50 patterns listed that help keep much of the junk away.

--
Andreas
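
One way to estimate the collateral damage asked about in this thread before enabling either rule, as an added example that is not part of the original post: a dry run over Exim main log lines that counts accepted messages whose sending host had no verified name or matched a hostname pattern. It assumes the default main log format with host lookups enabled, does not reproduce the country restriction (that needs live DNSBL queries), and uses constructed log lines; the second pattern and all function names are hypothetical.

```python
import re
from collections import Counter

# Only the first pattern is from the post; the second is a hypothetical
# stand-in for the rest of a site's own list.
PATTERNS = [
    re.compile(r"^c-.*\.comcast\.net$"),
    re.compile(r"^dyn-.*\.isp\.example$"),  # hypothetical
]

# H= field: optional verified host name, optional (HELO name), then [ip].
H_FIELD = re.compile(
    r"\bH=(?:(?P<name>[^\s(\[]+) )?(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>[^\]]+)\]"
)

def classify(line):
    """Return (ip, verdict) for a message-arrival line, else None."""
    if " <= " not in line:          # skip deliveries, rejects, other lines
        return None
    m = H_FIELD.search(line)
    if not m:                       # no remote host recorded on this line
        return None
    ip, name = m.group("ip"), m.group("name")
    if name is None:                # assumption: no name logged means no rDNS
        return ip, "no-rdns"
    for pattern in PATTERNS:
        if pattern.search(name.lower()):   # case folding is this example's choice
            return ip, "pattern:" + pattern.pattern
    return ip, "pass"

def dry_run(lines):
    """Count verdicts over an iterable of log lines."""
    return Counter(r[1] for r in map(classify, lines) if r)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
2024-05-01 10:00:01 1s1AAA-000001-AA <= alice@example.org H=mail.example.org [192.0.2.10] P=esmtps S=2101
2024-05-01 10:00:07 1s1AAB-000002-BB <= bob@example.net H=(mx.example.net) [198.51.100.23] P=esmtp S=1833
2024-05-01 10:00:09 1s1AAC-000003-CC <= x@example.com H=c-203-0-113-7.hsd1.ca.comcast.net (localhost) [203.0.113.7] P=smtp S=912
2024-05-01 10:00:12 1s1AAA-000001-AA => carol@example.com R=dnslookup T=remote_smtp H=mx.example.com [192.0.2.99]
2024-05-01 10:00:15 1s1AAD-000004-DD <= y@example.com H=([198.51.100.77]) [198.51.100.77] P=smtp S=640
""".splitlines()

if __name__ == "__main__":
    for verdict, count in sorted(dry_run(SAMPLE_LOG).items()):
        print(f"{count:3d}  {verdict}")
```

Running it over a few weeks of real log history shows which legitimate senders would have been refused, so they can be whitelisted or the pattern narrowed before the `deny` goes live.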