Re: [exim] rejecting un-resolvable IPs at smtp time

Author: James Price
Date:
To: exim-users
Subject: Re: [exim] rejecting un-resolvable IPs at smtp time
On Tue, 05 Oct 2010 09:38:44 -0700, Jim Pazarena <exim@???> wrote:
> In an effort to reduce spam, I would like to defer (rather than
> outright refuse) reception
> on any message that comes from a server without a PTR.
>
> I am not sure how to create an ACL to check for a non-existent
> PTR/unresolvable IP.
> I haven't found in FAQs this question.
>
> Advice would be appreciated.
> Thanks,


Something like this might work:

Make sure in the global section you have:
host_lookup = *

In acl_smtp_connect or another non-data SMTP ACL you could do something
like:
# Check for RDNS - if no PTR record - defer
        defer    message   = Defered! $sender_host_address reverse DNS lookup failed
                 condition = ${if eq{$sender_host_name}{}{true}{false}}


Ultimately, if host_lookup fails looking for a valid PTR record, i.e. it's
empty, sender_host_name is left empty. You can defer based on that.
You could also use dnsdb and do something like this as a replacement
condition:

condition = ${lookup dnsdb{ptr=$sender_host_address}{false}{true}}

I use the first method, but with a reject rather than a defer, but there is
no reason you can't defer. There is certainly overhead in doing a host_lookup
for every connecting host; the second method, I believe, does the PTR
lookup via dnsdb directly, not relying on the results of the host_lookup,
which the first method employs.

Thanks,
James
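
A fuller connect-time ACL built on the first method above, added here as an example and not taken from the poster's configuration. It separates a temporary DNS failure from a definitive "no name" answer using Exim's $host_lookup_deferred and $host_lookup_failed variables; the ACL name acl_check_connect and the host list relay_from_hosts are assumptions about the local configuration.

```exim
# Added example, not from the original post.

# --- main configuration section ---
# Look up the name of every connecting host, as in the post.
host_lookup = *
# Assumed ACL name; use whatever your configuration already calls it.
acl_smtp_connect = acl_check_connect

# --- ACL section ---
acl_check_connect:

  # Local clients often have no PTR record. Exempt them first.
  # Assumes a host list named relay_from_hosts is defined.
  accept  hosts       = +relay_from_hosts

  # Resolver timeout or server failure: the PTR may well exist, so this
  # case should only ever produce a temporary (4xx) response.
  defer   message     = Reverse DNS lookup for $sender_host_address temporarily failed
          log_message = rDNS lookup deferred
          condition   = $host_lookup_deferred

  # Definitive answer: no name was found, or the name found did not
  # forward-confirm back to the connecting address.
  # Changing this verb to "deny" rejects only on a definitive answer,
  # which testing $sender_host_name for emptiness cannot guarantee.
  defer   message     = $sender_host_address has no usable reverse DNS
          log_message = no PTR record or not forward-confirmed
          condition   = $host_lookup_failed

  accept
```

Because $sender_host_name is empty in both failure cases, testing it alone cannot tell a resolver outage from a missing PTR record; that distinction matters once the verb is deny rather than defer.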