greylisting?
Res
res at ausics.net
Tue Apr 18 08:51:23 IST 2006
On Mon, 17 Apr 2006, John Rudd wrote:
>> You don't have to have matching A and PTR's but they both must exist, and we
>>
>> The hack is available at http://support.ausics.net/require_rdns.m4 if you
>> have not seen it before.
>
> So, you make sure they have a PTR record for that relay's IP addr, but you
> don't make sure that the name it gives has an A record that matches the
> relay's IP addr? That's what I'd like to see.
Correct, perfect strict matching comes undone with receiving mail
from hosting servers where there can be thousands of A's, but only need
one PTR.
> The one thing I don't like, from reading the comments in require_rdns.m4 is:
>
> It treats forgeries as a temp failure, and no-rDNS as a permanent failure.
> This is _exactly_ backward to me. I want no-rDNS to be a temp failure (in
You are more than welcome to change the 5xx to a 4xx if you want, nothing
stopping you.
> All of my no-rDNS submitters are being caught either by the greet_pause or by
> filter_relay. (so far today 3 no-rDNS hosts in greet_pause (out of 28 total
> hosts caught by greet_pause, in 38 connection attempts), 46 no-rDNS hosts
on servers that do 100 msgs a second constantly, trust me we see it as
still a huge problem without it :)
--
Cheers
Res
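
As an added illustration (not code from require_rdns.m4 or from either poster), the sketch below separates the two checks discussed in this thread, records that merely exist versus a PTR name that resolves back to the connecting IP, and keeps the 4xx/5xx choice as a policy table. The DNS data, the function and table names, and the grouping of a PTR name with no A record under "forged" are assumptions.

```python
# Added example; not taken from require_rdns.m4. DNS data is constructed
# (RFC 5737 documentation addresses) so the check runs offline.
PTR = {  # connecting IP -> PTR names
    "192.0.2.10": ["mail.example.org"],
    "192.0.2.30": ["mx.forged.example"],
    "192.0.2.50": ["ghost.example.net"],
}
A = {  # host name -> A records
    "mail.example.org": ["192.0.2.10"],
    "mx.forged.example": ["198.51.100.9"],
}

def classify(ip, ptr=PTR, a=A):
    """Return no_rdns, no_forward, mismatch or match for a connecting IP."""
    names = ptr.get(ip, [])
    if not names:
        return "no_rdns"            # no PTR record at all
    addrs = [addr for name in names for addr in a.get(name, [])]
    if not addrs:
        return "no_forward"         # PTR exists, its name has no A record
    return "match" if ip in addrs else "mismatch"

# Policy tables: SMTP reply class per failure kind.
AS_DESCRIBED = {"no_rdns": "5xx", "forged": "4xx"}  # mapping described in the thread
INVERTED = {"no_rdns": "4xx", "forged": "5xx"}      # the reverse mapping

def decide(ip, codes, strict=False):
    """strict=False: PTR and A must both exist but need not match.
    strict=True: the PTR name must resolve back to the connecting IP."""
    state = classify(ip)
    if state == "no_rdns":
        return codes["no_rdns"]
    # Assumption: a PTR name with no A record is handled like a forgery.
    if state == "no_forward" or (strict and state == "mismatch"):
        return codes["forged"]
    return "accept"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.30", "192.0.2.50", "203.0.113.5"):
        print(ip, classify(ip), decide(ip, AS_DESCRIBED),
              decide(ip, AS_DESCRIBED, strict=True), decide(ip, INVERTED))
```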