On Tue, 5 Oct 2010, James Price wrote:
>
> Something like this might work:
>
> Make sure in global section you have:
> host_lookup = *
>
Oh, I forgot about that part. Thanks for pointing it out.

> In acl_smtp_connect or other non data smtp ACL you could do something
> like:
> # Check for RDNS - if no PTR record - deny
> defer message = Deferred! $sender_host_address reverse DNS lookup failed
>       condition = ${if eq{$sender_host_name}{}{true}{false}}
>
> Ultimately, if host_lookup fails looking for a valid PTR record, i.e. it's
> empty, sender_host_name is left empty. You can defer based on that.
> You could also use dnsdb and do something like this as a replacement
> condition:
>
> condition = ${lookup dnsdb{ptr=$sender_host_address}{false}{true}}
>
> I use the first method, but with a reject rather than defer, but no
> reason you can't defer. There is certainly overhead doing a host_lookup
> for every connecting host, the second method I believe does the ptr
> lookup via dnsdb direct, not relying on the results of the host_lookup,
> which the first method employs.
>
> Thanks,
> James
>
>
>
--
--------------------------------------------------------
Dave Lugo dlugo@??? No spam, thanks.
Are you the police? . . . No ma'am, we're sysadmins.
--------------------------------------------------------
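
The first method from the quoted message, written out as a complete connect-time ACL. This is an added example, not part of either poster's message. It assumes the ACL name acl_check_connect and the message wording, and it goes one step beyond the thread by using Exim's $host_lookup_deferred and $host_lookup_failed variables to separate a temporary DNS failure (defer) from a definite one (deny):

```exim
# --- main configuration section ---

# Look up the name of every connecting host. Exim also checks that a
# forward lookup of the returned name yields the connecting IP address,
# so a PTR record that does not forward-confirm counts as a failure.
host_lookup = *

# Run the ACL below at connection time (ACL name is an assumption).
acl_smtp_connect = acl_check_connect

begin acl

acl_check_connect:

  # The resolver could not answer (timeout, SERVFAIL). This says nothing
  # about the sender, so return a 4xx and let the client retry later.
  defer  message   = Deferred: reverse DNS lookup for $sender_host_address temporarily failed
         condition = ${if eq{$host_lookup_deferred}{1}}

  # Definite failure: no PTR record, or the name did not forward-confirm.
  # Replace "deny" with "defer" to keep the softer behaviour from the thread.
  deny   message   = Rejected: no valid reverse DNS for $sender_host_address
         condition = ${if eq{$host_lookup_failed}{1}}

  # $sender_host_name is set at this point; continue with the session.
  accept
```

Hosts that must be accepted without working reverse DNS need an accept statement ahead of these two, for example one matching a hosts list.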