Re: [exim] Detect missing reverse dns

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Exim Mailing List
Date:  
À: Todd Lyons
CC: exim-users
Sujet: Re: [exim] Detect missing reverse dns
On Fri, Jul 17, 2009 at 09:30:51PM -0700, Todd Lyons wrote:
> servers. I have decided that for now I'm only going to greylist those
> connections where the ip doesn't reverse resolve. From my limited
> understanding, the hosts line below should only pass when there is an
> actual PTR record for the IP address. But I get the log_message for
> every hosts that connects, with or without reverse dns. What's wrong
> with what I have below?
>
>   warn    !senders       = :
>           !authenticated = *
>           !hosts         = +relay_from_hosts
>           !hosts         = ${lookup dnsdb{ptr=$sender_host_address}{$value}fail}
>           log_message    = No reverse DNS for $sender_host_address, would greylist check


Try this instead:

  warn    !senders       = :
          !authenticated = *
          !hosts         = +relay_from_hosts
          !condition     = ${lookup dnsdb{defer_never,ptr=$sender_host_address}{yes}}
          log_message    = No reverse DNS for $sender_host_address, would gre\
ylist check


The "defer_never" is important. Without it, you might end up sending
a temporary error (4xx) code back to the sender if any part of the DNS
lookups hang for some reason. Unless that's what you want to have happen.
There's more detail about the defer_xx items in section 9.12 in spec.txt.

We also don't want to use "fail" in the failure of the lookup unless
you want to cause a 4xx code back to the sender if they don't have a
PTR record. That would be bad.

--
Dean Brooks
dean@???