OT: Seeking opinion about reverse-DNS lookups on SMTP HELO
Alexander Dalloz
ad+lists at uni-x.org
Tue Dec 14 17:20:26 UTC 2004
Am Di, den 14.12.2004 schrieb HaJo Schatz um 13:02:
> To combat spam I have enabled reverse-DNS lookups of incoming SMTP
> connections. If the FQDN does not match the HELO-Identity, I reject the
> connection with a 550 Error.
>
> I have now found that this breaks communication even with reputable
> (well, an international bank that is) peers. Dunno how much more mail I
> may have lost through this... How are you out there handling that, are
> you doing reverse-lookups?
> HaJo Schatz <hajo at hajo.net>
In addition to the answers you already got: checking for an existing
reverse DNS will block too many innocent senders. See i.e. comments and
implementation for Sendmail
http://www.cs.niu.edu/~rickert/cf/
"HACK(`require_rdns') -- reject mail from sites without valid reverse
DNS. Access entries allow individual override. I don't recommend this.
The amount of collateral damage is excessive."
From the same site see the discussion about HELO/EHLO checks:
http://www.cs.niu.edu/~rickert/cf/bad-ehlo.html
I myself block hosts which claim to be my mail host itself by giving
it's IP in the HELO statement. I only saw spamming attempts to be
blocked so far and no legitimate senders.
Alexander
--
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp
Serendipity 18:10:22 up 4 days, 12:51, load average: 0.37, 0.36, 0.49
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20041214/8e3a81ae/attachment-0001.sig>
More information about the fedora-list
mailing list