Re: [exim] No Blacklist DNS List

Chris Edwards wrote:
> On Fri, 18 Apr 2008, Ian Eiloart wrote:
>
> | I hope you mean that if the reverse DNS entry for the sending IP address
> | ends in wellsfargo.com then you'll whitelist the address.
>
> Yep - I'm pretty sure this is what Marc P means. Need to check both:
>
> - The rDNS entry for the sending IP matches *.wellsfargo.com
>
> - The forward DNS entry for the resulting hostname machines the sending IP.
>
yes - that is what I mean. If email comes from a *.wellsfargo.com
forward confirmed host, it's ham.
> The latter check is needed to prevent a spammer who operates their own rDNS
> from spoofing the hostname. The two checks together are sometimes known
> as "forward-confirmed rDNS" (FCrDNS). Exim does this as a matter of course.
>
Yes - I'm talking about forward confirmed rDNS which can't be spoofed.
> BTW, wouldn't a "No Blacklist List" be more simply described as a "white list" ?
>
No - because Yahoo would be on the no blacklist list. But it wouldn't be on my whitelist. My whitelist is a ham only list. Yahoo would be on my yellow list which means it is a mixed source, but should never be blacklisted by IP address. Yahoo IPs tell you nothing about if the message is spam sho no blacklist tests need to be done.

One think I do different is that I look for ham, not just spam. So i test for spam and ham and try to narrow down the middle where a message is an unknown status.


So this new list is a combination of 3 of my other lists. It combines my white, yellow, and nobl lists. (nobl is not black, but maybe white. yellow is no black and no white) So if you are just doing black list checking you can check this list first and if listed not check your blacklists.