Re: reject smtp connections if no valid reverse dns?
On Mon, Jul 22, 2002 at 12:26:05PM -0400, Benjamin LaHaise wrote:
> Hey folks,
>
> In my attempts to deal with the massive increase in spam lately, I've
> noticed a number of messages arrive from mail servers that do not have
> correct reverse DNS mappings. Any chance of getting a flag for this in
> smtpserver.conf, or am I just being blind and not finding it?
I don't support the school of thinking that reverse DNS data is
mandatory, but... there are a couple of ways to achieve it.
If you configure the compilation, and smtpserver.conf to use
tcp-wrapper, then there is possibly a way with tcp-wrapper
for doing it... It is something obscure -- "UNKNOWN" ?
I suggest that the response (rejection) given by the server
is set into

  hosts.allow:
      smtp-receiver: ALL@KNOWN

  hosts.deny:
      smtp-receiver: ALL@UNKNOWN : echo "450 4.7.1 IP address reverse failure, connection unacceptable presently."

Or something of that effect -- possibly ALL@PARANOID to be allowed,
and ALL@ALL to be denied, but I am not sure of which way those files
are used -- deny first, or allow first ?
A smarter approach would be one which allows delivery to POSTMASTER,
but won't like it for anybody else.. Careful separation of NOERROR
without data and NXDOMAIN, versus timeouts, et al. (400 vs. 500 series
codes, and all that) -- lack of which separation I consider the biggest
infrastructure lack of sendmail...
However that needs some additional code, I think.
What I do to combat spam is a reception content filter. It rejects
all messages smelling of HTML, and is an amazingly effective way.
Extending it to cover spam-assassin would be even more effective,
but my time has been quite taken up lately...
> -ben
--
/Matti Aarnio <mea@nic.funet.fi>
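
Added example (not part of the original message, and not ZMailer code): a sketch of the recipient-time policy described above, in which postmaster is always accepted and a missing PTR record is told apart from a resolver failure. The mapping of NXDOMAIN / NOERROR-without-data to a 5xx reply and of timeouts to a 4xx reply, the function names, the reply texts and the fake resolver are all assumptions made for illustration.

```python
import socket

# h_errno values from <netdb.h>; socket.herror carries one as its first argument.
HOST_NOT_FOUND, TRY_AGAIN, NO_RECOVERY, NO_DATA = 1, 2, 3, 4


def classify_rdns(ip, resolver=socket.gethostbyaddr):
    """Return 'ok', 'absent' (NXDOMAIN or NOERROR without data) or 'tempfail'."""
    try:
        name, _aliases, _addrs = resolver(ip)
    except socket.herror as exc:
        if exc.args[0] in (HOST_NOT_FOUND, NO_DATA):
            return "absent"        # the zone answered: there is no PTR record
        return "tempfail"          # TRY_AGAIN, NO_RECOVERY: answer unknown
    except OSError:
        return "tempfail"          # socket timeout or other transient error
    return "ok" if name else "absent"


def is_postmaster(rcpt):
    """True for <postmaster> and <postmaster@domain>, case-insensitively."""
    local = rcpt.strip().strip("<>").partition("@")[0]
    return local.lower() == "postmaster"


def rcpt_reply(ip, rcpt, resolver=socket.gethostbyaddr):
    """Decide at RCPT TO, so that mail to postmaster can still get through."""
    if is_postmaster(rcpt):
        return (250, "2.1.5 Ok")
    verdict = classify_rdns(ip, resolver)
    if verdict == "ok":
        return (250, "2.1.5 Ok")
    if verdict == "absent":
        return (550, "5.7.1 No reverse DNS for client address")
    return (450, "4.7.1 Reverse DNS lookup failed, try again later")


def fake_resolver(h_errno=None):
    """Constructed stand-in for socket.gethostbyaddr so the example runs offline."""
    def resolve(ip):
        if h_errno is None:
            return ("mail.example.org", [], [ip])
        raise socket.herror(h_errno, "constructed failure")
    return resolve


if __name__ == "__main__":
    for err in (None, HOST_NOT_FOUND, NO_DATA, TRY_AGAIN):
        print(err, rcpt_reply("192.0.2.1", "<user@example.org>", fake_resolver(err)))
```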