[Mimedefang] rejecting on helo,drive-by-relay,forged_sender,

Ben Kamen bkamen at benjammin.net
Wed Jan 14 08:45:11 EST 2004


I agree - I used rDNS blocking for a long time and companies TI.com (Texas
Instruments) would fail since their rDNS wasn't set up right. Can you
believe it? rDNS blocked about half of my total spam for the month. I
finally turned it off to see how much would still get through now that
I've got MD/SA set up and it's working so nicely.. I also added SpamHaus's
xbl DNS blacklist which hopefully will cover more of what rDNS is missing.

I laughed while I was unemployed that I couldn't get a job even doing DNS
admin when so many companies/ISP's haven't a clue about how DNS works or
are just too lazy to do anything about.

And the error messages... boy.. EVERYONE tells me, "I can't send you email
and I don't know why - all I get back is "message delivery failed" and I
talk to them further to find out that their mail server stripped off the
actual return email error codes and all - that's REALLY all they get back.

The internet is in shambles right now.

 -Ben

On Wed, 14 Jan 2004, Chris Myers wrote:

> ----- Original Message -----
> From: "Lucas Albers" <admin at cs.montana.edu>
> To: <mimedefang at lists.roaringpenguin.com>
> Sent: Tuesday, January 13, 2004 12:43 PM
> Subject: Re: [Mimedefang] rejecting on helo,drive-by-relay,forged_sender,
>
>
> > Chris Myers said:
> > >
> > > Some ISP's don't bother to set up reverse DNS for their customers so
> > > $RelayHost will never match $helo...  Sad but true.
> >
> > You would expect them to use mx hosts with at least reverse dns.
> > If AOL accepts only with reverse DNS.
> > Couldn't you argue the generally accepted standard is to reject relays
> > without reverse DNS?
>
> The ISP owns the IP addresses, so if they are too lazy to set up reverse DNS
> the customer has limited recourse.  And most customers are not technical
> enough to even know that they need to ask for it.  Keep in mind that the
> Internet functions just fine without reverse DNS until the receiving party
> (us) decides to do some form of validation ... most don't even today, and
> virtually none did even a few years ago -- and those that did were called
> some form of "network police" in polite conversation.
>
> The customer, on the other hand, owns and operates the MX server.  They set
> it up in a virtual absence of knowledge about DNS other than "my resolver IP
> address is A.B.C.D".  Most people out there are what I call "designated
> experts", not real experts.
>
> I just went through fixing reverse DNS for a customer in the last couple of
> weeks.  They weren't able to send e-mail to AOL and had NO IDEA why that
> would be the case.
>
> My real point is basically that using the results of a HELO test for
> "broken" conditions as an on/off switch is going to cause more breakage.
> Your users eventually WILL need to talk to someone who doesn't have working
> reverse DNS for some reason.  If you want to perform these tests, consider
> saving the results and make an adjustment to the SpamAssassin score rather
> than saying "You don't have the optional PTR records for your IP address, we
> refuse to accept mail from you."
>
> The wonderful thing about the SpamAssassin scoring system is that none of us
> had mailers that refused all e-mail from the Internet when a certain DNSBL
> went offline by listing the entire Internet as a spam source.  Sites that
> used the DNSBL's directly in sendmail as an on/off switch lost all their
> mail for a day or two!
>
> Chris
>
>
> _______________________________________________
> Visit http://www.mimedefang.org and http://www.canit.ca
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
>

-- 
Ben Kamen - O.D.T., S.P.
----------------------------------------------------------------------
Home: ben at benjammin.net                       http://www.benjammin.net
Work: bkamen at uiuc.edu
gPG Pub Key - http://www.benjammin.net/www/pages/library

***************************************************************************
* NOTE: Opinions and Views discussed via email are my own and not that    *
* of the State of Illinois, University of Illinois or the Illinois Dept   *
* of Natural Resources.                                                   *
***************************************************************************

'/usr/games/fortune' says:
... And malt does more than Milton can
To justify God's ways to man
		-- A. E. Housman



More information about the MIMEDefang mailing list