On Fri, Feb 29, 2008 at 09:07:55AM -0600, Matt wrote:
> > >> I have this to block connections with no reverse DNS:
> > >> # : no reverse dns
> > >> #defer !verify = reverse_host_lookup
> > >> # message = Reverse DNS lookup failed for host $sender_host_address
>
> > And rejecting based on missing reverse DNS has way too many false
> > positives.
>
> reverse_host_lookup seems to check if there is reverse DNS and also
> that it has a matching forward DNS. Is there a way to only check for
> reverse and not check that there is a matching forward? All my false
> positives seem to have a reverse DNS but the forward does not match.

Yes, but not directly through the built-in "reverse_host_lookup" ACL
parameter since it does the forward check automatically.

Here is the equivalent ACL you could use based upon your example:

  defer
    !condition = ${lookup dnsdb{defer_never,ptr=$sender_host_address}{yes}}
    message    = Reverse DNS lookup failed for host $sender_host_address

--
Dean Brooks
dean@???
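
Added example, not part of the original thread: a small Python model of the two checks discussed above, showing which hosts each one would defer. The zone data, addresses, and function names are constructed for illustration and stand in for real DNS answers.

```python
import ipaddress

# Constructed sample DNS data (documentation address ranges, example names).
PTR = {
    "192.0.2.10": ["mail.example.org"],
    "192.0.2.20": ["host20.example.net"],
    # 192.0.2.30 deliberately has no PTR record
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "host20.example.net": ["198.51.100.7"],  # forward does not point back
}

def ptr_names(ip, ptr=PTR):
    """Names returned by a PTR query for ip (empty list if none)."""
    return ptr.get(str(ipaddress.ip_address(ip)), [])

def ptr_only(ip, ptr=PTR):
    """Models the dnsdb ptr= condition: true when any PTR record exists."""
    return bool(ptr_names(ip, ptr))

def forward_confirmed(ip, ptr=PTR, fwd=A):
    """Models a reverse lookup with forward check:
    some PTR name must resolve back to the connecting address."""
    addr = ipaddress.ip_address(ip)
    for name in ptr_names(ip, ptr):
        for a in fwd.get(name.rstrip(".").lower(), []):
            if ipaddress.ip_address(a) == addr:
                return True
    return False

def classify(ip):
    if not ptr_only(ip):
        return "no-ptr"
    if not forward_confirmed(ip):
        return "ptr-mismatch"
    return "confirmed"

def acl_outcomes(ip):
    """What each ACL variant from the thread would do with this host."""
    return {
        "reverse_host_lookup": "pass" if forward_confirmed(ip) else "defer",
        "ptr_only": "pass" if ptr_only(ip) else "defer",
    }

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, classify(ip), acl_outcomes(ip))
```

The middle host is the false-positive case from the thread: it has a PTR record, so the PTR-only condition lets it through, while the forward-checking variant defers it.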