On Tue, Sep 20, 2016 at 4:12 PM, Always Learning <exim@???> wrote:
>
> On Mon, 2016-09-19 at 11:29 -0400, Dave Lugo wrote:
>
> > Yes, you should have some way to override the missing rDNS check. But
> > rejecting on missing rDNS is mostly safe, in my opinion and experience.
>
> Agreed. Only positive action will reduce spam. Meekly accepting spam
> just encourages more spam.
>
While semi-blindly rejecting ham will mostly lead to irritation among your
users and those they communicate with.
Striking a balance is difficult, but most users will be happy if they feel
they have some degree of control.

I see some challenges with your suggested filtering rules:
>
> drop condition = ${lookup dnsdb{ptr=$sender_host_address} {0}{1} }
> message = [SNA03] Rejected. Sender's IP address has no Host name. \
> MESS3
> delay = 15s
>
This would appear to fail if _you_ have a DNS problem.
>
> drop condition = ${if and{{def:sender_host_address}{!def:sender_host_name}} \
> {yes}{no}}
> message = [SNA04] Sender's Host has No Reverse DNS. \
> Ask your technical experts to rectify the problem.
>
This would also appear to fail if _you_ have a DNS problem.
I would recommend deferring the decision until later in the two above cases.
>
>
> drop condition = ${if match{${lc:$sender_host_name}} \
> {(broadband|client|customer|dsl|dyn|dynamic|home|host|static|user)(\\d|\\.|\\-|ip)} \
>
This would appear to eliminate several legitimate hosting providers which
are not home internet connections, as you don't check on word boundaries,
and even so, might match other legitimate services.
--
Jan
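
As an added example (not part of the original message, and not Exim code), this Python sketch runs the keyword pattern from the quoted rule over constructed hostnames, with and without a leading word boundary, and keeps a temporary DNS failure apart from a genuinely missing PTR record. The status labels, the `classify` helper and every sample host are assumptions made for illustration.

```python
import re

# Keyword list and suffix group copied from the quoted rule; Exim's "\\d"
# reaches the regex engine as "\d".
WORDS = "broadband|client|customer|dsl|dyn|dynamic|home|host|static|user"
AS_POSTED = re.compile(rf"({WORDS})(\d|\.|\-|ip)")
# Assumed variant: the same pattern with a leading word boundary.
BOUNDED = re.compile(rf"\b({WORDS})(\d|\.|\-|ip)")

# Constructed resolver outcomes: "ok" (PTR found), "nxdomain" (no PTR exists),
# "tempfail" (timeout or SERVFAIL, possibly a problem on the receiving side).
def classify(status, name, pattern):
    """Return 'reject', 'accept' or 'decide-later' for one connecting host."""
    if status == "tempfail":
        return "decide-later"   # a resolver outage must not look like missing rDNS
    if status == "nxdomain":
        return "reject"         # the sender really has no reverse DNS
    return "reject" if pattern.search(name.lower()) else "accept"

# Constructed sample hosts (reserved documentation names, not real senders).
SAMPLES = [
    ("ok", "mx.example.org"),
    ("ok", "dsl-203-0-113-7.pool.example.net"),
    ("ok", "mail.examplehost.example"),
    ("ok", "smtp1.webhost4.example.net"),
    ("ok", "static.mail.example.org"),
    ("nxdomain", ""),
    ("tempfail", ""),
]

def compare():
    """Return (status, name, as_posted, bounded) rows for the samples."""
    return [(s, n, classify(s, n, AS_POSTED), classify(s, n, BOUNDED))
            for s, n in SAMPLES]

if __name__ == "__main__":
    for row in compare():
        print("{:9} {:34} as-posted={:13} bounded={}".format(*row))
```

The two hosting-style names are rejected only by the pattern as posted, while `static.mail.example.org` is rejected by both variants, so a word boundary narrows the match without removing every false positive.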