Re: reject smtp connections if no valid reverse dns?

[Matti Aarnio <mea@nic.funet.fi>]

On Mon, Jul 22, 2002 at 12:26:05PM -0400, Benjamin LaHaise wrote:
> Hey folks,
> 
> In my attempts to deal with the massive increase in spam lately, I've 
> noticed a number of messages arrive from mail servers that do not have 
> correct reverse DNS mappings.  Any chance of getting a flag for this in 
> smtpserver.conf, or am I just being blind and not finding it?

  I don't support the school of thinking that reverse DNS data is
  mandatory, but...  there are couple ways to achieve it.

  If you configure the compilation, and smtpserver.conf to use
  tcp-wrapper, then there is possibly a way with tcp-wrapper
  for doing it...   It is something obscure -- "UNKNOWN" ?
  I suggest that the response (rejection) given by the server
  is set into

  hosts.allow:
   smtp-receiver: ALL@KNOWN

  hosts.deny:
   smtp-receiver: ALL@UNKNOWN : echo "450 4.7.1 IP address reverse failure,
	connection unacceptable	presently."


  Or something of that effect -- possibly ALL@PARANOID to be allowed,
  and ALL@ALL to be denied, but I am not sure of which way those files
  are used -- deny first, or allow first ?


  Smarter approach would be one which allows delivery to POSTMASTER,
  but won't like it for anybody else..  Carefull separation of NOERROR
  without data and NXDOMAIN, versus timeouts, et.al. (400 vs. 500 series
  codes, and all that)  --  lack of which separation I consider biggest
  infrastructure lack of sendmail...

  However that needs some additional code, I think.



  What I do to combat spam is reception content filter.  It rejects
  all messages smelling of HTML, and is amazingly effective way.
  Extending it to cover spam-assassin would be even more effective,
  but my time has been quite taken up lately...

> 		-ben
-- 

/Matti Aarnio	<mea@nic.funet.fi>
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi