who is using require_rdns.m4?

Dan Harris dannyh at aac-services.co.uk
Tue Jun 7 10:03:27 IST 2005


    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Alisdair Davey scribbled on 06 June 2005 20:47:

> On Mon, 2005-06-06 at 13:39, Jeff A. Earickson wrote:
>> On Mon, 6 Jun 2005, Michele Neylon :: Blacknight Solutions wrote:
>> 
>>> Date: Mon, 6 Jun 2005 20:16:32 +0100
>>> From: "Michele Neylon :: Blacknight Solutions"
>>> 
>>> I'd love to do something with this, but I wouldn't like to drop the
>>> mail entirely, as I know that there would be a silly amount of
>>> valid mail dropped if I did.
>>> 
>>> How does it handle shared IPs?
>> 
>> I've seen machines with multiple NICs and IPs, but never heard of
>> two machines sharing the same IP.  Hunh?
> 
> I think he is referring to the situation where multiple domain names
> resolve to the same ip, but the ip can only resolve to one name. I
> would have thought this is quite common especially among ISPs.

Filtering based on invalid reverse DNS is a _really bad_ idea IMHO. The
situation described above will also happen where a company or individual
hosts multiple domains on a standard ADSL service, as these often only have
one IP address. How many potential customers do you want to loose by
rejecting that first contact email? Our management would never allow it, and
think what would happen to your job if you rejected an email that could have
landed your company a £multi-million contract?!?!

A much better way if you have to do something like this is to check that the
sending email address actually exists at MTA level, before accepting the
delivery. How to do this varies depending on the MTA, but has been discussed
fairly recently if you search the archives. Rejecting mail for non-existent
mailboxes also helps enormously, without annoying legitimate customers!

Finally, before I get taken to task over this I'm sure that there will be
occasional false positives generated by this configuration, but they will be
far far fewer than would occur using reverse DNS lookups. And if the
sender's MUA is that badly configured you'd not be able to respond to them
anyway!

Best Regards,

Dan Harris
Senior IT Systems Admin
AAC Services Ltd.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list