[Mimedefang] validating 'possibly forged' helo IP's?

Gary Funck gary at intrepid.com
Sat Jan 14 23:04:37 EST 2006


Speaking of rDNS, check out this log entry (user name and sub-domain,
obfuscated as 'fred').

Jan 10 09:09:02 intrepid sendmail[31995]: k0AH8pZE031992:
to=<fred at FRED.NULLUSER.COM>, ctladdr=<gary at intrepid.com> (1001/1001),
delay=00:00:06, xdelay=00:00:03, mailer=esmtp, pri=151951,
relay=mailhost.cotse.com. [216.112.42.58], dsn=4.0.0, stat=Deferred: 451
4.7.1 No RDNS: Sender IP address is not resolving:
http://mail.cotse.net/cgi-bin/whitelist-request-form.cgi?h=nrdns

------------------------

The web page states:


Cotse.Net Whitelist Request Form

You have been directed to this page either because your machine issued an
attack on our server and was automatically blocked, because it has no rdns,
or because its rdns looks like an end user machine and not a mail server
(due to massive numbers of spam zombied end user machines we've been forced
to employ some common pattern matching). Fill out the form below to get
automatically whitelisted.

------------------------

We're not on any RBLs, and haven't had any other complaints, so I assume
they're being overly cautious. Interesting approach though.

PS: Although our name server handles the rDNS properly,
http://dnsstuff.com tells me that our upstream ISP-based NS does not.
Perhaps that is what this site was complaining about.
