Bill Hayles wrote:
> Hi, fellow Bill,
Greets..
;-)
*snip*
>> will eventually show up.. see below in re rDNS.
>
> OK, not strictly Exim related, but one of my hobbyhorses. If you do
> that, you block a lot of legitimate servers (including mine!).
Not so! I AM running Exim rDNS check, and did NOT block your direct OFF
tahini response.
You(r server) passed the rDNS check for the IP from whence you
connected: craybox.com .....on 80.35.22.107.
From *manual* inspection with 'host' and 'dig', one could argue that
you should NOT have passed...
;-)
.... but Exim's rDNS checking is very 'wise' w/r not rejecting unless it
has to..
> Luckily, I find all major servers only block addresses allocated
> dynamically; those allocated to fixed IP accounts are accepted.
>
Well - that IS the very point of an intelligent rDNS check.
And Exim's is by no means hard-edged.
Read the exceedingly well-documented source code in hosts.c
> Also, this approach does not catch spam mail from infected computers
> (of which I get plenty).
>
Oh, but it DOES! Near-as-dammit 100% of it.
It is fairly uncommon for a *server*, even a Windows 'server', running
as an MTA on a public-facing fixed-IP with all the correct DNS
credentials to be *allowed* to be infected for very long. These get
noticed and fixed.
Wot becomes infected AND NOT noticed or corrected for *long* periods at
a time are predominantly the ordinary residential or SME user's
'Win-desktop'.
Those are *nearly always* on dynamic IP with no PTR RR, hence no way to
reverse that IP via a PTR RR to an A or MX record match.
Those WILL fail Exim's rDNS check. As they should do.
Easy enough to check.
'Present Day' - Turn it ON with a 'warn verb' and a log_message instead
of a 'deny' in acl_smtp_connect:
  # check only port 25, not users submitting on port 587
  warn
    condition   = ${if eq{$interface_port}{25}}
    !verify     = reverse_host_lookup
    # at connect time only the peer IP is known, not yet a sender address
    log_message = rDNS fail for $sender_host_address
Check your logs after time 't' and see how many valid senders you would
have rejected. Odds are, a whitelist of as few as a dozen will cover
those few who have a problem .. all YEAR...
Not at all hard to check historically, either -
Look at the old logs or even old message headers. Pick a few entries
rejected late in the session - or worse - POST session ....
...and do a 'host <the IP>' on the suspect ones, then 'dig any .. ' on
the returned <domain>.<tld>. IF there even IS one..
See how many .. or FEW ... resolve and match to have passed Exim's rDNS
test. And how few - if any - 'legitimate' ones would have failed.
Or use Exim's debug to check 'right now'.
'bogus senders' are the first to fall by the wayside...
QED
Bill
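The PTR-then-forward match the post describes (what 'host' and 'dig' do by hand, and what a reverse_host_lookup verify amounts to) as an added Python example, not Exim's code or the poster's. It runs offline against constructed sample DNS data; the system_ptr/system_fwd helpers are an assumption that uses the local resolver when you want to check real IPs from your logs.

```python
"""Forward-confirmed reverse DNS check: PTR first, then confirm the name
points back at the connecting IP.  Added example, not Exim's own code."""
import socket
from typing import Callable, List, Optional, Tuple

PtrLookup = Callable[[str], Optional[List[str]]]  # ip -> PTR names, or None
FwdLookup = Callable[[str], List[str]]            # name -> A/AAAA addresses


def system_ptr(ip: str) -> Optional[List[str]]:
    """Live PTR lookup via the OS resolver (like `host <ip>`); None if no PTR."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + list(aliases)
    except OSError:          # herror/gaierror both derive from OSError
        return None


def system_fwd(name: str) -> List[str]:
    """Live A/AAAA lookup (like `dig <name>`); resolver errors mean no answer."""
    try:
        return sorted({r[4][0] for r in socket.getaddrinfo(name, None)})
    except OSError:
        return []


def fcrdns(ip: str, ptr: PtrLookup = system_ptr,
           fwd: FwdLookup = system_fwd) -> Tuple[str, List[str]]:
    """Return (status, confirmed_names) for a connecting IP.

    "no_ptr"      - no PTR at all: the typical dynamic/residential case
    "unconfirmed" - PTR exists but no name resolves back to ip (poster's
                    "one could argue you should NOT have passed" case)
    "ok"          - at least one PTR name forward-confirms to ip
    """
    names = ptr(ip)
    if not names:
        return "no_ptr", []
    confirmed = [n for n in names if ip in set(fwd(n))]
    return ("ok" if confirmed else "unconfirmed"), confirmed


def would_reject(ips: List[str], ptr: PtrLookup, fwd: FwdLookup) -> List[str]:
    """The 'check your logs after time t' step: which IPs a hard deny would hit."""
    return [ip for ip in ips if fcrdns(ip, ptr, fwd)[0] != "ok"]


# Constructed sample DNS data (documentation ranges, not real hosts).
FAKE_PTR = {"192.0.2.10": ["mx.example.net"],        # proper MTA, PTR + A match
            "192.0.2.20": ["badptr.example.org"]}    # PTR that does not point back
FAKE_A = {"mx.example.net": ["192.0.2.10"], "badptr.example.org": ["192.0.2.99"]}
fake_ptr: PtrLookup = lambda ip: FAKE_PTR.get(ip)
fake_fwd: FwdLookup = lambda name: FAKE_A.get(name, [])
```

Feed `would_reject` the IPs pulled from the "rDNS fail" warn lines to size the whitelist the post talks about before switching the verb to deny.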