Greylisting (WAS: gif attachments)

John Rudd jrudd at ucsc.edu
Thu Aug 24 03:27:39 IST 2006


On Aug 23, 2006, at 5:43 PM, Matt Kettler wrote:

> Michele Neylon:: Blacknight.ie wrote:
>> John Rudd wrote:
>>> a) had no PTR record,
>>
>> Reasonable enough
>>
>>> b) PTR and A record didn't match, or
>>
>> So what about shared hosting??
>
> Should work fine. He's not talking about comparing the PTR to the HELO.

Yeah, while I do some HELO filtering, I don't require that the HELO 
matches the PTR record.  Even what little HELO filtering I do (don't 
give me my own name in the HELO string) is technically an RFC 
violation, but I'm comfortable with being just that out of spec.  
Anything more than that would be, IMO, inappropriate.

Though, looking through my nightly reports, I see that my DNS rules 
would catch 95% of those hosts anyway... so I may drop what little HELO 
filtering I'm doing.


> What John really means is that:
>
> Given an IP address, perform a PTR lookup. Take the results of that PTR
> lookup and perform an A lookup on it. That should end up with the IP
> address you started with.
>
>
> So he's looking for ip != A_lookup( PTR_lookup(ip))

Mostly correct.  The A_lookup can return multiple IP addresses, 
however, so it's more like:

grep ip A_lookup(PTR_lookup(ip))


Sort of.
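
An added example (not part of the original message or of MailScanner): the PTR-then-A check discussed above, using a membership test over every returned address rather than a single equality comparison. The function names, the result labels and the constructed sample records are assumptions made for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup through the system resolver; returns a list of names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases

def system_addrs(name):
    """A/AAAA lookup through the system resolver; returns address strings."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return 'no_ptr', 'mismatch' or 'ok' (labels are this example's own)."""
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "no_ptr"            # case a) in the thread
    for name in names:
        for addr in addr_lookup(name):
            try:
                # Membership test: any one of the returned addresses may match.
                if ipaddress.ip_address(addr) == client:
                    return "ok"
            except ValueError:
                continue           # skip anything that is not a plain address
    return "mismatch"              # case b) in the thread

# Constructed sample records (documentation ranges), not real hosts.
PTR = {"192.0.2.10": ["multi.example.net"], "192.0.2.20": ["mail.example.org"]}
A = {"multi.example.net": ["192.0.2.9", "192.0.2.10"],
     "mail.example.org": ["198.51.100.5"]}

def check_sample(ip):
    """Run fcrdns against the constructed tables instead of live DNS."""
    return fcrdns(ip, lambda i: PTR.get(i, []), lambda n: A.get(n, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, check_sample(ip))
```

Calling `fcrdns(ip)` with the default lookups uses the system resolver; the sample tables keep the run offline.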


