require_rdns.m4 (Was Require RDNS?)

Steve Freegard steve.freegard at fsl.com
Thu Aug 17 23:09:50 IST 2006


Hi Jeff,

> Excellent point, I missed that.  However Da Boss asks "Can we try this
> in dry-run mode?  Just log what rdns would do, but not really do it?"
> She has a good point.  My ability to decipher sendmail.cf files has
> always been weak.  I thought about changing the $#error numbers to 200,
> but figured that would blow up.

Okay -- if you want to work out what would be blocked, how about
something like this:

[root@gateway html]# grep -Poi 'relay=\[(.+)\]' /var/log/maillog | cut -d[ -f2 | cut -d] -f1 | sort | uniq -c | sort -rn
   2712 80.54.0.150
    110 219.146.60.186
     72 221.201.152.114
     60 222.173.12.176
     59 219.146.60.213
     59 209.60.51.138
     56 219.146.60.242
     47 72.13.174.159
     47 219.146.60.118
     43 127.0.0.1

That's a list of the top 10 IP addresses with no reverse DNS, sorted by
the number of connections that would have been rejected.

Here's a list of 'may be forged' IP addresses that would be tempfailed:

[root@gateway html]# grep -Pio 'relay=.+ \[(.+)\] \(may be forged\)' /var/log/maillog | cut -d[ -f2 | cut -d] -f1 | sort | uniq -c | sort -rn
     54 201.29.69.82
     46 203.187.194.174
     44 61.17.27.233
     40 85.136.41.187
     40 207.144.2.42
     29 84.204.244.138
     29 210.211.236.171
     27 24.69.160.154
     26 209.205.237.17
     26 203.187.222.130

Cheers,
Steve.
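
The same dry-run count as a script, added here as an example and not part of Steve's post or of MailScanner: it classifies each sendmail log line the way the two grep pipelines above do (a bare `relay=[ip]` with no hostname means no reverse DNS and would be rejected by require_rdns; `relay=host [ip] (may be forged)` would be tempfailed) and tallies connections per IP. The log lines are constructed for the example, the regexes only handle the IPv4 `[a.b.c.d]` form that sendmail writes, and the `exclude` parameter is an assumption for leaving out addresses you would whitelist before enforcing (127.0.0.1 turns up in the list above), so that they do not inflate the numbers.

```python
import re
from collections import Counter

# Constructed sample /var/log/maillog lines (sendmail format); not real traffic.
SAMPLE_MAILLOG = """\
Aug 17 22:01:03 gateway sendmail[1234]: k7HL13aa001234: from=<a@example.net>, size=1024, class=0, nrcpts=1, msgid=<1@example.net>, proto=ESMTP, daemon=MTA, relay=[192.0.2.10]
Aug 17 22:01:09 gateway sendmail[1235]: k7HL19bb001235: from=<b@example.org>, size=2048, class=0, nrcpts=1, msgid=<2@example.org>, proto=SMTP, daemon=MTA, relay=[192.0.2.10]
Aug 17 22:02:15 gateway sendmail[1236]: k7HL2Fcc001236: from=<c@example.com>, size=512, class=0, nrcpts=1, msgid=<3@example.com>, proto=ESMTP, daemon=MTA, relay=mail.example.com [198.51.100.5]
Aug 17 22:03:41 gateway sendmail[1237]: k7HL3fdd001237: from=<d@example.net>, size=300, class=0, nrcpts=1, msgid=<4@example.net>, proto=SMTP, daemon=MTA, relay=host.example.net [203.0.113.7] (may be forged)
Aug 17 22:04:02 gateway sendmail[1238]: k7HL42ee001238: from=<e@example.net>, size=300, class=0, nrcpts=1, msgid=<5@example.net>, proto=SMTP, daemon=MTA, relay=host.example.net [203.0.113.7] (may be forged)
Aug 17 22:04:30 gateway sendmail[1239]: k7HL4Uff001239: from=<f@example.org>, size=900, class=0, nrcpts=1, msgid=<6@example.org>, proto=SMTP, daemon=MTA, relay=[127.0.0.1]
Aug 17 22:05:00 gateway sendmail[1240]: k7HL50gg001240: k7HL42ee001238: to=<x@example.com>, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30300, dsn=2.0.0, stat=Sent
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

# relay=[ip] with nothing between "relay=" and "[": sendmail found no PTR record.
NO_RDNS_RE = re.compile(r"relay=\[" + IPV4 + r"\]")

# relay=hostname [ip] (may be forged): PTR exists but does not resolve back to the IP.
FORGED_RE = re.compile(r"relay=\S+ \[" + IPV4 + r"\] \(may be forged\)")


def classify(line):
    """Return ('reject', ip), ('tempfail', ip) or None for one log line."""
    m = NO_RDNS_RE.search(line)
    if m:
        return ("reject", m.group(1))
    m = FORGED_RE.search(line)
    if m:
        return ("tempfail", m.group(1))
    return None


def dry_run(log_text, exclude=()):
    """Count, per client IP, what require_rdns would have done.

    exclude: assumed whitelist of IPs (e.g. 127.0.0.1) to leave out of the tally.
    Returns (rejects, tempfails) as Counters keyed by IP.
    """
    rejects, tempfails = Counter(), Counter()
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict is None:
            continue
        action, ip = verdict
        if ip in exclude:
            continue
        if action == "reject":
            rejects[ip] += 1
        else:
            tempfails[ip] += 1
    return rejects, tempfails


def top(counter, n=10):
    """Same ordering as 'sort | uniq -c | sort -rn': busiest IPs first."""
    return counter.most_common(n)


if __name__ == "__main__":
    rej, tmp = dry_run(SAMPLE_MAILLOG, exclude=("127.0.0.1",))
    print("would be rejected (no rDNS):")
    for ip, n in top(rej):
        print(f"{n:8d} {ip}")
    print("would be tempfailed (may be forged):")
    for ip, n in top(tmp):
        print(f"{n:8d} {ip}")
```

Running it against the real /var/log/maillog (read the file instead of SAMPLE_MAILLOG) gives the same two top-10 lists as the grep pipelines, and the hostname-bearing `relay=mail.example.com [198.51.100.5]` line is left alone, which is what you want: a working forward-and-reverse match is exactly the case require_rdns accepts.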


More information about the MailScanner mailing list