Hi,
I have been using exim for many years now and over time I have developed a
- more or less - complex set of filtering rules to prevent SPAM.
One of my main assumptions is that legitimate mail servers do (should)
have proper forward and reverse DNS records - however, that's not
always the case.
Quite often I've read things like this here on this list:
> In acl_smtp_connect:
>
> verify = reverse_host_lookup
>
> "Real folks" MTA have DNS creds. Botnet WinZombies do not. QED.
And that's right. REAL folks MTA do have DNS creds.
But there's another species: hosted web-servers ... *argh*
Many of them provide things like newsletters etc.
And some of them host forums or - even worse - web shops where email
is essential - however, most email from this kind of hosts comes from
www-data@www.some-stupid-web-server.net and a reverse lookup to this
host leads to something like static-123-456-789.some-provider-net.
Of course forward and reverse DNS records on these hosts typically
don't match and most of the time there isn't even a valid MX record
for the domain listed in the envelope-from :-(
That kind of mail gives me every reason to reject it - however, my
customers/users do want it - for comprehensible reasons ...
It's not my users' fault that the moron running the web shop has no
clue about smtp/dns/rfcs et al.
And there are other things that show that some sources of legitimate
email clearly aren't well-configured mail servers. Some of them for
example send bad EHLO (plain hostname, no dots, no domain part) or
invalid sender_domains, but they're still not SPAM.
I'm currently using manually maintained white lists to deal with that.
How do you deal with stuff like that?
Ideas welcome.
- Karl
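One way to keep the reverse-DNS, EHLO and sender-domain checks Karl describes while still letting the whitelisted web hosts through is to record each symptom with `warn` in the connect ACL and only `deny` at RCPT time when all of them coincide. The fragment below is an added example, not Karl's configuration or anything from the exim project; the whitelist file paths, the `acl_c_` variable names and the `local_domains` list are assumptions chosen for illustration.

```exim
# Added example, not taken from the post. Paths, acl_c_ variable names and
# the local_domains list are assumptions.
domainlist local_domains = @

acl_smtp_connect = acl_check_connect
acl_smtp_rcpt    = acl_check_rcpt

begin acl

acl_check_connect:
  # Hosts on the manually maintained whitelist skip every further check.
  # Assumed file format: one IP address or CIDR block per line.
  accept  hosts = /etc/exim4/whitelist_hosts

  # Note a failed or mismatched reverse lookup instead of rejecting here;
  # acl_c_ variables persist for the whole connection, so the decision
  # can be taken later per sender/recipient.
  warn    !verify = reverse_host_lookup
          set acl_c_rdns_fail = 1
          log_message = reverse DNS lookup failed or mismatched

  accept

acl_check_rcpt:
  # Envelope senders on the second whitelist (assumed format: one address
  # or @domain per line) are accepted regardless of the host's DNS state.
  accept  senders = /etc/exim4/whitelist_senders

  # A bare EHLO (no dot, so no domain part) is noted, not rejected.
  warn    condition = ${if match{$sender_helo_name}{\N^[^.]+$\N}}
          set acl_c_helo_bad = 1
          log_message = EHLO without domain part: $sender_helo_name

  # Reject only when all three symptoms coincide: bad rDNS, bare EHLO and
  # an envelope sender domain that cannot be routed (no usable MX/A record).
  # Conditions are evaluated in order, so the sender verification (which
  # costs DNS lookups) only runs when the two cheap flags are already set.
  deny    condition = ${if eq{$acl_c_rdns_fail}{1}}
          condition = ${if eq{$acl_c_helo_bad}{1}}
          !verify   = sender
          message   = Rejected: no reverse DNS, bare EHLO and unroutable sender domain

  # Usual relay protection: deliver only to our own domains.
  accept  domains = +local_domains
  deny    message = relay not permitted
```

Because the whitelist files are plain host and address lists, they can stay hand-maintained as before; the difference is that a host missing from them is no longer rejected on reverse DNS alone, which is what lets the misconfigured web shops through while still blocking senders that fail every check at once.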