Re: [exim] 2nd Stage DNS blocking

Author: Jasen Betts
Date:  
To: exim-users
Subject: Re: [exim] 2nd Stage DNS blocking
On 2016-10-08, Always Learning <exim@???> wrote:
>
> On Sat, 2016-10-08 at 14:06 +0300, Lena@??? wrote:
>
>> Honest users send non-spam messages from dynamic IP-addresses.
>
> But do those "honest" (better: "genuine") users have:-
>
> (1) rDNS ? Probably not because it is a dynamic IP address with a host
> name, if a host name actually exists, like
> 123-123-123-66.dymanic.example.net
>
>
> (2) A HELO/EHLO name which resolves to the IP address being used ?
> Probably not.
>
>
> How can the "honest" receivers of emails (MTA sites) distinguish (or
> separate) the "honest" incoming traffic from the usual flood of
> "dis-honest" traffic sent from the same range of IP address ?
>
> Why are "honest" users with dynamic IP addresses, unable to route their
> outgoing email traffic via a smarthost or via a very cheap VPS running
> MTA software like Exim ? VPS's usually have between 1 and 8 fixed, or
> static, IPv4 addresses plus the ability to create DNS records such as A
> and MX.


Honest users will be sending through a smarthost, so probably an 'a'
in the 'by' clause unless they have some other arrangement with the
smarthost, or the smarthost has a broken by clause.
For this reason checking foreign received headers is a bad idea.

As received headers can trivially be forged, they are unsuited
to use in whitelisting.

>> Those dynamic IP-addresses often are in blacklists.
>
> Because mail admins, like me for example, are unhappy at the vast amount
> of spam originating from ranges of dynamic IP addresses. After a while,
> we block hosts like


You could just do what bt-internet does, and blacklist everyone, and
only whitelist on request, but that may require additional staff....

--
This email has not been checked by half-arsed antivirus software
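
The point about forged Received headers, shown as an added example (not part of the original message or of Exim): only the headers stamped by servers you run are trustworthy, and anything below them arrived as message data. The sample message, the host name mx.example.org and the function names are constructed for illustration, and the example assumes authentication is signalled by the trailing "a" of the `with` protocol keyword (esmtpa, esmtpsa).

```python
import email
import re

WITH_RE = re.compile(r"\bwith\s+([A-Za-z]+)", re.I)

def split_received(raw_message, own_hops=1):
    """Split Received headers into (trusted, untrusted).

    Each MTA prepends its header, so the newest is first. Only the top
    `own_hops` headers were written by servers we run; everything below
    arrived with the message and is sender-controlled. A hop count is used
    instead of the 'by' hostname because a forged header can name our host.
    """
    msg = email.message_from_string(raw_message)
    values = [" ".join(v.split()) for v in msg.get_all("Received", [])]
    return values[:own_hops], values[own_hops:]

def claims_auth(received):
    """True if the 'with' protocol ends in 'a' (esmtpa, esmtpsa)."""
    m = WITH_RE.search(received)
    return bool(m) and m.group(1).lower().endswith("a")

def sender_was_authenticated(raw_message, own_hops=1):
    """Decide using only the headers our own servers stamped."""
    trusted, _ = split_received(raw_message, own_hops)
    return any(claims_auth(r) for r in trusted)

# Constructed sample: the top header is the one our MTA added on receipt
# (plain esmtp from a dynamic address); the second was supplied by the
# sender and falsely claims an authenticated hop through our own host.
SAMPLE = (
    "Received: from [203.0.113.66] (helo=pc)\n"
    "\tby mx.example.org with esmtp (Exim)\n"
    "\tid 1aaaaa-000000-00; Sat, 08 Oct 2016 12:00:00 +0000\n"
    "Received: from laptop ([192.0.2.10])\n"
    "\tby mx.example.org with esmtpsa (Exim)\n"
    "\tid 1bbbbb-000000-00; Sat, 08 Oct 2016 11:59:00 +0000\n"
    "From: someone@example.net\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    trusted, untrusted = split_received(SAMPLE)
    print("forged header claims auth:", claims_auth(untrusted[0]))
    print("decision from trusted headers:", sender_was_authenticated(SAMPLE))
```

Setting `own_hops` too high is the failure mode: the forged header then falls inside the trusted range and the check passes.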