Author: Kaz Kylheku
Date:
To: exim-users
Subject: [exim] Exim says it finds host name, then says it failed to find host name and doesn't apply host-based deny rules.
Hi All,
I'm having some spam get through because filtering that relies on reverse DNS is behaving in the following way:
First we have:
webserver:~# exim4 -bh 200.74.217.158
**** SMTP testing session as if from host 200.74.217.158
**** but without any ident (RFC 1413) callback.
**** This is not for real!
>>> host in hosts_connection_nolog? no (option unset)
>>> host in host_lookup? yes (matched "*")
>>> looking up host name for 200.74.217.158
>>> IP address lookup yielded mail.radarsystems.net
>>> gethostbyname2 looked up these IP addresses:
>>> name=radarsystems.net address=200.74.217.141
Okay, the forward and reverse DNS don't match, but the IP
address reverse-resolves to an address. So far so good.
>>> processing "deny"
>>> check hosts = *.pwrz.at : *.ampledns.com : *.radarsystems.net
>>> sender host name required, to match against *.pwrz.at
>>> host in "*.pwrz.at : *.ampledns.com : *.radarsystems.net"? no (failed to find host name for 200.74.217.158)
>>> deny: condition test failed
Why isn't the earlier lookup used?
If it is because the forward and reverse DNS didn't match, isn't that
kind of dumb?
If there was a way to reject such hosts upfront, that would work.
What's a good way to write a deny rule like that?
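
An added example, not part of the original post: a small Python model of forward-confirmed reverse DNS, the check under which a PTR name counts as the host name only if a forward lookup of that name returns the connecting IP. The resolver tables are constructed from the debug output above, and the function names and the require_confirmed switch are hypothetical.

```python
import fnmatch
import ipaddress

# Constructed resolver data mirroring the -bh debug output in the post.
PTR = {"200.74.217.158": ["mail.radarsystems.net"]}
FORWARD = {"mail.radarsystems.net": ["200.74.217.141"]}

DENY_PATTERNS = ["*.pwrz.at", "*.ampledns.com", "*.radarsystems.net"]


def confirmed_host_name(ip, ptr=PTR, forward=FORWARD):
    """Return the first PTR name whose forward lookup includes ip, else None."""
    want = ipaddress.ip_address(ip)
    for name in ptr.get(ip, []):
        name = name.lower()
        addrs = {ipaddress.ip_address(a) for a in forward.get(name, [])}
        if want in addrs:
            return name
    return None  # a PTR name exists but is unconfirmed: no usable host name


def host_in_list(ip, patterns, ptr=PTR, forward=FORWARD):
    """Wildcard host-name match that trusts only a confirmed name."""
    name = confirmed_host_name(ip, ptr, forward)
    if name is None:
        return False, "failed to find host name for " + ip
    for pat in patterns:
        if fnmatch.fnmatchcase(name, pat.lower()):
            return True, "matched " + pat
    return False, "no pattern matched " + name


def acl_decision(ip, patterns, ptr=PTR, forward=FORWARD, require_confirmed=False):
    """Model a name-based deny rule, optionally preceded by a rule that
    denies any host whose reverse DNS is not confirmed (hypothetical switch)."""
    if require_confirmed and confirmed_host_name(ip, ptr, forward) is None:
        return "deny: reverse DNS not confirmed by forward lookup"
    matched, why = host_in_list(ip, patterns, ptr, forward)
    return ("deny: " if matched else "pass: ") + why


if __name__ == "__main__":
    # Name-based rule alone: the unconfirmed name is ignored, so nothing matches.
    print(acl_decision("200.74.217.158", DENY_PATTERNS))
    # With the upfront confirmation rule, the same host is denied.
    print(acl_decision("200.74.217.158", DENY_PATTERNS, require_confirmed=True))
```

In Exim itself the ACL condition verify = reverse_host_lookup performs this confirmation, so a deny statement using !verify = reverse_host_lookup placed ahead of the name-based rule rejects such hosts upfront.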