[Mimedefang] Can MD/SA combo detect no reverse ip?

VonEssen, John vonessj at intelihealth.com
Thu Jun 12 10:48:07 EDT 2003


I tested an rdns m4 hack on Sendmail about a year ago. This hack will outright reject anything that does not reverse. After having it run for about 2 days, the amount of legitimate mail that got blocked was unbelievable. There are so many admins out there who don't properly maintain reverse dns. I am not talking about small outfits; some of the blocked mail was from large legitimate companies. Also, a lot of companies use internal networks; their outbound IP could be that of their firewall if they didn't set things correctly. And a lot of people don't reverse the IP of their firewall.
 
John 

	-----Original Message----- 
	From: G. Roderick Singleton [mailto:gerry at pathtech.org] 
	Sent: Thu 6/12/2003 10:27 AM 
	To: MimeDefang 
	Cc: 
	Subject: Re: [Mimedefang] Can MD/SA combo detect no reverse ip?
	
	

	On Thu, 2003-06-12 at 09:10, Joseph Brennan wrote:
	> --On Thursday, June 12, 2003 07:22 -0400 "G. Roderick Singleton"
	> <gerry at pathtech.org> wrote:
	>
	> > I have been watching my logs for the past few days and find that there
	> > is a bunch o' spam that gets through with SA scores of less than the 5
	> > threshold I use and most of these don't resolve to a reverse address
	> > that is authoritative. I would like to block these and if possible block
	> > dns lamers.
	>
	> You'd be rejecting a lot of non-spam mail.  Some of the MSN mail
	> servers lack reverse DNS, as an example; so do miscellaneous
	> nonprofits and small businesses.  Remember the RFCs do not require
	> rDNS for mail hosts.
	
	I'll think about this. I am not overly concerned about MSN clients even
	Non-profits that use this service. For non-profits there are other
	services that are better suited. For example, http://www.torfree.net/
	Even I am not certain that I want any unsubscribed solicitations.
	However, one must start somewhere, so I will do as everyone has
	recommended.
	
	>
	> But you could add to the spam score.
	>
	> In filter_begin()
	>
	>     # Spamassassin tweaks using relay information
	>     $SA_score_additions = 0;
	>     $SA_test_additions = "";
	>
	>     # Prejudice against no rDNS
	>     if ($RelayHostname =~ /\[$RelayAddr\]/) {
	>         $SA_score_additions += 2;
	>         $SA_test_additions .= ",NO_RDNS";
	>     }
	>
	
	I like David's lower score better and will use that.
	
	>
	> In filter_end(), add the score and test name right after you run
	> Spamassassin, like this.
	>
	>             my($hits, $req, $names, $report) = spam_assassin_check();
	>
	>             # add our things
	>             $hits += $SA_score_additions;
	>             $names .= $SA_test_additions;
	>
	>
	> The reason I did it this way was to use the $RelayHostname
	> and $RelayAddr values that we get in Mimedefang.
	>
	> Adding 2 is enough for us.
	>
	
	Much obliged to all for a solution.
	
	--
	Gerry Roderick Singleton <gerry at pathtech.org>
	416-452-4583
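
An added example, not part of the original thread and not MIMEDefang's own code: a standalone Perl sketch of the "add to the score instead of rejecting" approach quoted above, extended to also flag a relay whose rDNS name does not resolve back to its address. The names `rdns_score_additions` and `dns_forward`, the `RDNS_MISMATCH` test name and its weight of 1 are assumptions; the sample DNS table is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_ntoa);

# Real forward lookup (IPv4 only); returns an empty list when the name fails.
sub dns_forward {
    my ($host) = @_;
    my (undef, undef, undef, undef, @packed) = gethostbyname($host);
    return map { inet_ntoa($_) } @packed;
}

# Returns (score, tests) shaped like $SA_score_additions / $SA_test_additions.
# $forward is a code ref (hostname -> list of addresses), injectable for tests.
sub rdns_score_additions {
    my ($relay_addr, $relay_hostname, $forward) = @_;
    $forward ||= \&dns_forward;

    # Same test as the thread: hostname is just "[addr]", so there is no rDNS.
    # \Q..\E keeps the dots literal; ^..$ avoids matching a substring.
    return (2, ",NO_RDNS") if $relay_hostname =~ /^\[\Q$relay_addr\E\]$/;

    # Assumed extension: a PTR exists, but the name must map back to the relay.
    my @addrs = $forward->($relay_hostname);
    return (1, ",RDNS_MISMATCH") unless grep { $_ eq $relay_addr } @addrs;

    return (0, "");
}

# Constructed sample data (documentation address ranges), no network needed.
my %constructed_dns = (
    'mail.example.org' => ['192.0.2.10'],
    'host.example.net' => ['198.51.100.7'],
);
my $fake_forward = sub { @{ $constructed_dns{ $_[0] } || [] } };

for my $case (
    ['192.0.2.10',  'mail.example.org'],   # forward-confirmed rDNS
    ['192.0.2.55',  '[192.0.2.55]'],       # no rDNS at all
    ['203.0.113.9', 'host.example.net'],   # PTR present, forward mismatch
) {
    my ($score, $tests) = rdns_score_additions(@$case, $fake_forward);
    printf "%-12s %-18s +%d %s\n", @$case, $score, $tests;
}
```

In a filter, the two returned values would be added to `$hits` and `$names` right after `spam_assassin_check()`, as in the quoted message.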
	