Res res at
Tue Apr 18 08:51:23 IST 2006

On Mon, 17 Apr 2006, John Rudd wrote:

>> You dont have to have matching A and PTR's but they both must exist, and we 
>> The hack is available at  if you 
>> have not seen it before.
> So, you make sure they have a PTR record for that relay's IP addr, but you 
> don't make sure that the name it gives has an A record that matches the 
> relay's IP addr?  That's what I'd like to see.

Correct, perfect strict matching comes undone with receiving mail 
from hosting servers where there can be thousands of A's, but only need
one PTR.

> The one thing I don't like, from reading the comments in require_rdns.m4 is:
> It treats forgeries as a temp failure, and no-rDNS as a permanent failure. 
> This is _exactly_ backward to me.  I want no-rDNS to be a temp failure (in

You are more than welcome to change the 5xx to a 4xx if you want, nothing 
stopping you.

> All of my no-rDNS submitters are being caught either by the greet_pause or by 
> filter_relay.  (so far today 3 no-rDNS hosts in greet_pause (out of 28 total 
> hosts caught by greet_pause, in 38 connection attempts), 46 no-rDNS hosts

on servers that do 100 msgs a second constantly, trust me we see it as
still a huge problem wiuthout it :)


More information about the MailScanner mailing list