Re: [exim] ot: rDNS + spam assassin

Góra strony
Delete this message
Reply to this message
Autor: Jan Ingvoldstad
Data:  
Dla: Exim-users
Temat: Re: [exim] ot: rDNS + spam assassin
On Tue, Sep 20, 2016 at 4:12 PM, Always Learning <exim@???> wrote:

>
> On Mon, 2016-09-19 at 11:29 -0400, Dave Lugo wrote:
>
> > Yes, you should have some way to override the missing rDNS check. But
> > rejecting on missing rDNS is mostly safe, in my opinion and experience.
>
> Agreed. Only positive action will reduce spam. Meekly accepting spam
> just encourages more spam.
>


While semi-blindly rejecting ham, will mostly lead to irritation among your
users and those they communicate with.

Striking a balance is difficult, but most users will be happy if they feel
they have some degree of control.

I see some challenges with your suggested filtering rules:


>
>
>
> drop   condition  = ${lookup dnsdb{ptr=$sender_host_address} {0}{1} }
>        message    = [SNA03] Rejected. Sender's IP address has no Host
> name. \
>                     MESS3
>        delay      = 15s

>


This would appear to fail if _you_ have a DNS problem.


>
> drop   condition  = ${if and{{def:sender_host_address}{!
> def:sender_host_name}} \
>                        {yes}{no}}
>        message    = [SNA04] Sender's Host has No Reverse DNS. \
>                     Ask your technical experts to rectify the problem.

>


This would also appear to fail if _you_ have a DNS problem.

I would recommend deferring the decision until later in the two above cases.



>
>
> drop condition = ${if match{${lc:$sender_host_name}} \
> {(broadband|client|customer|dsl|dyn|dynamic|home|host|static|user)(\\d|
> \\.|\\-|ip)} \
>


This would appear to eliminate several legitimate hosting providers which
are not home internet connections, as you don't check on word boundaries,
and even so, might match other legitimate services.

--
Jan