Ian P. Christian wrote:
>
> I urge you, and everyone else running an MX to just outright reject
> mail from hosts without rDNS - there's no excuse for mail server
> admins not to do this, and people not being strict means spammers can
> get away with more on botnets.
>
> The stricter we all are, the better.
You seem to advocate this every chance you get. :)
And I wish I could do it. But it rejects way to much ham. And when ~300k
DSL customers start complaining about that... management... and I have
to disable the check again. Been there and done that.
I'm thinking of trying something like this in acl_smtp_mail:
defer
! sender = :
! dnslists = list.dnswl.org
! verify = reverse_host_lookup
! verify = helo
ratelimit = X_DNS_HELO_LIMIT / per_mail / leaky /
$sender_host_address
message = Ratelimited. Fix your (r)DNS and/or HELO for faster
deliveries.
The check is a lot stricter than you propose, but the consequences of
failing are less severe so...
Thoughts?
> We use this:
>
> deny
> ! condition = ${lookup dnsdb{defer_never,ptr=$sender_host_address}{yes}}
> log_message = [RDNS] no PTR found for $sender_host_address
> message = This host has no reverse DNS, See \
> http://postmaster.timico.net/faq.html#RDNS for
> more information.
Actually, I _do_ do this for senders that are listed in the spamhaus pbl
and dul.sorbs. But that was as much as I could get away with.
Guess what we _really_ need is for hotmail and gmail and some such to
start requiring proper dns - and helo's IMHO. But as long as it means
rejecting significant amounts of ham that's not gonna happen. None of
them will want to be known for rejecting more ham than the other... If
they would team-up though... Then the whole 'missing ham' problem would
also fix itself because everyone would run to fix their dns (and helos)
to be able to deliver to hotmail and gmail.
Just thinking out loud,
Mark.
