Re: [exim] Excluding hosts from rdns checks

Author: Joan
Date:  
To: exim-users
Subject: Re: [exim] Excluding hosts from rdns checks
2009/4/6 Joan <aseques@???>:
> Good morning, I'm trying to set up the rdns checking to my server, but
> due to many providers not using reverse dns registers for their IPs
> it's not trivial.
> At this point I built a list of all the hosts for the country using
> the database here. http://phpweby.com/software/ip2country
> I would like to do this:
> .- If the sending host is within the country list, no rdns checking
> should be done.
> .- If the sending host is out of the list, usual checks should be applied.
>
> This is what I got so far:
>
>  .ifdef CHECK_RCPT_REVERSE_DNS
>  warn
>    message = Country hosts doesn't require rdns
>    hosts = ${if exists{CONFDIR/hosts_in_country}\
>                 {CONFDIR/hosts_in_country}\
>                 {}}
>  defer
>    message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
>     condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
>                      {yes}{no}}
>  .endif
>
>
> The problem is that currently the two tests are being done, and I
> would like the second one to be skipped if the first is positive.
> Which would be the way to accomplish that?
>

Well, I finally could make it work, so I'll post it here in case
anyone finds it useful (for the moment it is doing a pretty good job).
I place this in 30_exim4-config_check_rcpt from the Debian configuration:

  .ifdef CHECK_RCPT_REVERSE_DNS
  # Defer mail from hosts without reverse DNS, unless the sending host is
  # listed in CONFDIR/hosts_in_country (the "!" negates the host list).
  defer
    !hosts = ${if exists{CONFDIR/hosts_in_country}\
                 {CONFDIR/hosts_in_country}\
                 {}}
    message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
    condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
                     {yes}{no}}
  .endif


This way you can stop a massive amount of spammers, since no legit
mail should go to the internet without having a reverse DNS, while
having a conservative policy with the countries you receive most of
the mail from.

Cheers
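
An added example, not part of the original post: one way to generate the hosts_in_country file that the `!hosts` condition reads, as one CIDR network per line. It assumes the country database exports rows of first address and last address (as integers) plus a country code; that column layout, the constructed sample rows and the function names are assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample rows (documentation address ranges only).
# Assumed layout: first_ip_as_integer,last_ip_as_integer,country_code
SAMPLE_CSV = """\
3221225984,3221226239,ES
3325256704,3325256959,FR
3405803776,3405803903,ES
3405803904,3405803999,ES
"""


def country_networks(csv_text, country):
    """Return the collapsed, sorted CIDR networks covering one country's ranges."""
    nets = []
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 3 or row[2].strip().upper() != country.upper():
            continue
        first = ipaddress.IPv4Address(int(row[0]))
        last = ipaddress.IPv4Address(int(row[1]))
        # A range that is not aligned on a prefix boundary becomes several CIDRs.
        nets.extend(ipaddress.summarize_address_range(first, last))
    # Merge adjacent or overlapping networks so the host list stays short.
    return list(ipaddress.collapse_addresses(nets))


def render_hostlist(nets):
    """One network per line, the form a file used as an Exim host list accepts."""
    return "".join(f"{net}\n" for net in nets)


def is_exempt(addr, nets):
    """True if addr would match the list, i.e. the rDNS defer is skipped for it."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


if __name__ == "__main__":
    networks = country_networks(SAMPLE_CSV, "ES")
    print(render_hostlist(networks), end="")
    for sample in ("203.0.113.200", "203.0.113.224", "198.51.100.7"):
        state = "exempt" if is_exempt(sample, networks) else "rDNS check applies"
        print(sample, "->", state)
```

Checking a few known addresses with `is_exempt` before installing the generated file confirms that only the intended ranges bypass the reverse DNS check.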