Re: [exim] Exim 4.72: preventing backscatter

On Thu, Aug 28, 2014 at 8:57 AM, Klaus Ethgen <Klaus+exim@???> wrote:
>> 2. Reject everything which does NOT have a Reverse DNS (meaning the Host
>> IP has a Host Name and that Host Name resolves to the original Host IP
>> address)
> That would work in an optimal world. However, the world is not optimal
> and there are many servers out there that are miss configured relating
> to reverse DNS or DNS at all. Even senders that tell them self
>
>> 3. Reject everything that appears to come from a
>> non-professional/non-official host name, for example here are a few of
>> today's rejects (rejected by our servers in ACL Connection)
> - - People, mostly IT professionals, that want to run there own mail
> server at home but are not able to get a proper reverse DNS entry,
> (i.e. as it is a dynamic address or as the service provider don't do
> that entries) This is especially valid in current days when you don't
> want your mails going through servers that you don't trust.
> - - Some valid senders might be a hostname that has a broken reverse DNS
> like the one below.

In both of the above cases, greylisting instead of rejecting will
solve the issue. Valid senders will be running legitimate mail
servers that will queue and retry the mail later. Botnet mail servers
will try once, won't both queueing, give up on that recipient, and
move on to the next one.

...Todd

--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine