Re: [exim] Detect missing reverse dns

Top Page
Delete this message
Reply to this message
Author: MarkdV
Date:  
To: Exim Mailing List
Subject: Re: [exim] Detect missing reverse dns
Ian P. Christian wrote:
>
> I urge you, and everyone else running an MX to just outright reject
> mail from hosts without rDNS - there's no excuse for mail server
> admins not to do this, and people not being strict means spammers can
> get away with more on botnets.
>
> The stricter we all are, the better.


You seem to advocate this every chance you get. :)

And I wish I could do it. But it rejects way to much ham. And when ~300k
DSL customers start complaining about that... management... and I have
to disable the check again. Been there and done that.

I'm thinking of trying something like this in acl_smtp_mail:

  defer
  ! sender        = :
  ! dnslists      = list.dnswl.org
  ! verify        = reverse_host_lookup
  ! verify        = helo
    ratelimit     = X_DNS_HELO_LIMIT / per_mail / leaky / 
$sender_host_address
    message       = Ratelimited. Fix your (r)DNS and/or HELO for faster 
deliveries.


The check is a lot stricter than you propose, but the consequences of
failing are less severe so...

Thoughts?

> We use this:
>
>   deny
>   ! condition      = ${lookup dnsdb{defer_never,ptr=$sender_host_address}{yes}}
>     log_message    = [RDNS] no PTR found for $sender_host_address
>     message        = This host has no reverse DNS, See \
>                      http://postmaster.timico.net/faq.html#RDNS for
> more information.


Actually, I _do_ do this for senders that are listed in the spamhaus pbl
and dul.sorbs. But that was as much as I could get away with.

Guess what we _really_ need is for hotmail and gmail and some such to
start requiring proper dns - and helo's IMHO. But as long as it means
rejecting significant amounts of ham that's not gonna happen. None of
them will want to be known for rejecting more ham than the other... If
they would team-up though... Then the whole 'missing ham' problem would
also fix itself because everyone would run to fix their dns (and helos)
to be able to deliver to hotmail and gmail.

Just thinking out loud,
Mark.