Re: [exim] ot: rDNS + spam assassin

Author: stefand@korbitec.com
Date:  
To: John McMurray, Mike Tubby, exim-users@exim.org
Subject: Re: [exim] ot: rDNS + spam assassin
Nominally increased spam score is OK, as long as you're also checking a couple of DNS blacklists.

I only outright reject a remote host if it only presents an IP address, DNS lookup fails and blacklist check fails. Currently not receiving a lot of spam at all and rejecting over 5000 messages.




-------- Original message --------
From: John McMurray <john@???>
Date: 19/09/2016 17:52 (GMT+02:00)
To: Mike Tubby <mike@???>, exim-users@???
Subject: Re: [exim] ot: rDNS + spam assassin

Hi Mike,

That answers the second part of the question I initially asked, where
the reverse and forward domains don't exactly match for any of the
reasons you mention below.

What I am not sure about is whose problem is that? Is it mine on the
receiving end, or theirs? If they are using mismatched hosts is that not
something they are doing in a non-standard way, and if so why should I
open myself up to more spam to accommodate them?

I'm not exactly a networking person so I don't know, just asking to learn..

Thanks again,

John




On 19/09/2016 17:43, Mike Tubby wrote:
>
>
> On 9/19/2016 4:29 PM, Dave Lugo wrote:
>> On Mon, 19 Sep 2016, Mike Tubby wrote:
>>>
>>> There is no 'law' that says your reverse DNS must work and it's
>>> simply dangerous to use the heuristic no rDNS => High probability of
>>> SPAM.
>>
>> I respectfully disagree. It's as dangerous as any other very effective
>> spam filtering method - high accuracy, low FPs.
>>
>> Yes, you should have some way to override the missing rDNS check. But
>> rejecting on missing rDNS is mostly safe, in my opinion and experience.
>>
>
> My point is that there's nothing in any of the RFCs that says your
> reverse DNS must work which is why we perform our checking against
> known block lists such as Spamhaus et al.
>
> Our experience is that rDNS cannot be used reliably for several
> reasons that include:
>
>     * multiple hosts behind load balancer
>
>     * mis-match between exact host and generic host like
> "mx01a.megacorp.com" and "mx.megacorp.com"
>
>     * internal hosts calling out through firewalls, eg. host
> MSEXCH01.internal.megacorp.com calls out through a firewall with a
> public IP that either reverses to "fw.megacorp.com" or in case of some
> organisations like the police is simply anonymous (no rDNS)
>
> hence our experience is that it is dangerous to attribute lack of
> correct rDNS to being SPAM, however YMMV ;-)
>
> Mike
>
>



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
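
The policy discussed in this thread (score missing rDNS, reject only when a bare-IP HELO, failed rDNS and a DNSBL listing coincide) can be sketched as follows. This is an added example, not code from any poster or from Exim; the function names, score values, documentation-range addresses, and the reading of "blacklist check fails" as "host is listed" are assumptions, and DNS answers are passed in as constructed data so it runs offline.

```python
import ipaddress

# Constructed score increments (assumptions, not values from the thread).
SCORE_NO_RDNS = 1.0
SCORE_UNCONFIRMED = 0.5


def helo_is_ip_literal(helo):
    """True if HELO/EHLO is a bare or bracketed IP, e.g. [192.0.2.7]."""
    text = helo.strip()
    if text.startswith("[") and text.endswith("]"):
        text = text[1:-1]
    if text.lower().startswith("ipv6:"):
        text = text[5:]
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def rdns_status(ip, ptr_names, forward):
    """Classify reverse DNS as 'none', 'unconfirmed' or 'confirmed'.

    ptr_names: names returned by the PTR lookup for ip.
    forward:   dict of lowercase name -> set of A/AAAA addresses.
    """
    if not ptr_names:
        return "none"
    addr = ipaddress.ip_address(ip)
    for name in ptr_names:
        for candidate in forward.get(name.lower().rstrip("."), ()):
            if ipaddress.ip_address(candidate) == addr:
                return "confirmed"  # forward-confirmed rDNS
    return "unconfirmed"


def decide(ip, helo, ptr_names, forward, dnsbl_listed):
    """Return (action, score); reject only when all three signals agree."""
    status = rdns_status(ip, ptr_names, forward)
    if helo_is_ip_literal(helo) and status == "none" and dnsbl_listed:
        return ("reject", 0.0)
    # The HELO name is deliberately not compared with the PTR name, so the
    # load-balancer and firewall cases from the thread are not penalised.
    score = {"none": SCORE_NO_RDNS,
             "unconfirmed": SCORE_UNCONFIRMED,
             "confirmed": 0.0}[status]
    return ("accept", score)
```
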