[exim] is verify = reverse_host_lookup a good idea?

Author: Karl Fischer
Date:  
To: exim-users
Subject: [exim] is verify = reverse_host_lookup a good idea?
Hi,

I've been using exim for many years now and over time I have developed a
- more or less - complex set of filtering rules to prevent SPAM.

One of my main assumptions is that legitimate mail servers do (should)
have proper forward and reverse DNS records - however, that's not
always the case.

Quite often I've read things like this here on this list:

> In acl_smtp_connect:
>
> verify = reverse_host_lookup
>
> "Real folks" MTA have DNS creds. Botnet WinZombies do not. QED.


And that's right. REAL folks MTA do have DNS creds.

But there's another species: hosted web-servers ... *argh*

Many of them provide things like newsletters etc.
And some of them host forums or - even worse - web shops where email
is essential - however, most email from this kind of hosts comes from
www-data@www.some-stupid-web-server.net and a reverse lookup to this
host leads to something like static-123-456-789.some-provider-net.
Of course forward and reverse DNS records on these hosts typically
don't match and most of the time there isn't even a valid MX record
for the domain listed in the envelope-from :-(

That kind of mail gives me every reason to reject it - however, my
customers/users do want it - for comprehensible reasons ...
It's not my users' fault that the moron running the web shop has no
clue about smtp/dns/rfcs et al.

And there are other things that show that some sources of legitimate
email clearly aren't well configured mail-servers. Some of them for
example send bad EHLO (plain hostname, no dots, no domain part) or
invalid sender_domains, but they're still not SPAM.

I'm currently using manually maintained white lists to deal with that.

How do you deal with stuff like that?

Ideas welcome.

- Karl
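
An added example, not part of the original post and not Exim code: a Python model of the forward-confirmed reverse DNS test that `verify = reverse_host_lookup` performs, combined with the dotless-EHLO check and the manual whitelist override the post describes. The addresses, host names, the `PTR`/`A`/`ALLOWLIST` tables and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed DNS data (documentation address ranges, made-up names).
PTR = {
    "192.0.2.10": ["mail.example.org"],                        # well-run MTA
    "198.51.100.7": ["static-198-51-100-7.provider.example"],  # hosted web shop
    # 203.0.113.99 has no PTR record at all
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "static-198-51-100-7.provider.example": ["198.51.100.200"],  # does not point back
}
ALLOWLIST = [ipaddress.ip_network("198.51.100.0/29")]  # manually maintained

# At least two labels, last one starting with a letter (rejects "www" and bare IPs).
FQDN = re.compile(
    r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{1,62}\.?",
    re.I,
)

def fcrdns(ip, ptr=PTR, fwd=A):
    """Reverse lookup must yield a name whose forward lookup contains ip."""
    names = ptr.get(ip, [])
    if not names:
        return "no_ptr"
    if any(ip in fwd.get(n.rstrip(".").lower(), []) for n in names):
        return "ok"
    return "mismatch"

def helo_ok(helo):
    """Accept address literals like [192.0.2.1] and dotted host names only."""
    if helo.startswith("[") and helo.endswith("]"):
        return True
    return FQDN.fullmatch(helo) is not None

def decide(ip, helo):
    """Return (action, reasons); failures are rejected unless ip is allowlisted."""
    reasons = []
    rdns = fcrdns(ip)
    if rdns != "ok":
        reasons.append("rdns:" + rdns)
    if not helo_ok(helo):
        reasons.append("helo:not_fqdn")
    if not reasons:
        return "accept", reasons
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in ALLOWLIST):
        return "accept_allowlisted", reasons
    return "reject", reasons
```

Returning the reasons alongside the action keeps a record of which checks an allowlisted host failed, which helps when reviewing whether a whitelist entry is still needed.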