[Mimedefang] OT - Using rDNS sendmail hack - your experiences
Rich West
Rich.West at wesmo.com
Tue Apr 26 16:21:23 EDT 2005
Personally, we've looked in to it. We tend to agree that AOL's position
is somewhat aggressive since their techs are usually behind the time and
don't support their own new technologies well. But, political opinions
aside, we were leary about implementing it because, frankly, we were
afraid of the possible negative impact. So, we have relied on
MimeDefang to do this check for us..
However, as time has worn on (and the amount of SPAM has blossomed), we
have started testing this hack on our in-house testing server. Hearing
of your experiences does make me feel a bit better regarding the patch,
too. Do you have any stats on how many connections this has prevented?
I'd personally be interested in seeing your modified version of the hack
(your hacked hack :) ) just to see and understand the differences.
-Rich
>Hello all, this is a bit off topic but relevant.
>
>We finally decided it was probably time to implement AOL style reverse DNS
>checks into our MTA. Since AOL has been doing it now for something like 6
>months it is a pretty fair bet that most US customers that are legit have
>corrected their DNS issues... or so we thought!
>
>Why reinvent the wheel... we implemented a slightly modified version of this
>sendmail m4 HACK here: http://www.cs.niu.edu/~rickert/cf/hack/require_rdns.m4
>
>Which basically does this:
>
>1. Check relay for rDNS then check the response (gethostbyaddr check)
>2. If there is not PTR record FAIL
>3. If you cannot find DNS record for it at all, maybe DNS is down, TEMPFAIL
>4. If there is rDNS (PTR) but it appears forged (different than forward or
>result doesnt resolve), TEMPFAIL
>
>
More information about the MIMEDefang
mailing list