[Mimedefang] DNS Lookups in MD - Was RBL and DNS lookups

Jeff Rife mimedefang at nabs.net
Fri May 11 22:38:13 EDT 2007


On 11 May 2007 at 11:46, Kevin A. McGrail wrote:

> > You really shouldn't have to do any DNS lookups until you run SA.
> > Sendmail will have already done a reverse lookup on the connecting IP
> > address (available in $RelayHostname), so there's nothing much else to
> > look up.
> 
> I disagree.  I run at least two routines in my filter which use DNS which I 
> find very effective.
> 
> The first is to check for valid MX records on the sender.  I use this to 
> reject email and it works VERY well.

What's your hit rate for this?  In particular, what's your hit rate for 
messages that *only* this catches?

> Get the perl module from CPAN. Net::validMX.

Already tested.  For me, it only stops about 1% from getting to SA that 
wasn't being stopped through non-network tests.  That's not worth the 
code or the DNS lookup.

> in filter_sender add something like this:
> 
> if ($sender ne '<>') {

Why would you restrict it this way?  If someone is bouncing and they 
don't have a valid MX, then you never sent them mail anyway, and it's a 
spoof.  So, *anything* without a valid MX should be tossed.

> The second is a reverse DNS check that I then use to score with in 
> SpamAssassin.  It has some pros and cons.  The pro is that it works very 
> well.

Again, tested, and in just 14 checks that weren't already being 
stopped, it yielded 2 erroneous results.

Even with just scoring that's too dangerous, as any score that did 
enough to matter would likely push something into "spam territory".

> BTW, several years ago, someone helping me with RelayRegistry showed me how 
> to start making MD "mini" modules.  I didn't understand what they meant then 
> but now I see the error of my ways.  However, despite my searching, I can't 
> find the info.  I'm looking to do something like put all the reverse DNS 
> info in a separate file and use a C-esque #INCLUDE.

Here's my entire mimedefang-filter...it's doing something like you 
want:

#######################################################################
# -*- Perl -*-
# vim:ts=2:sw=2
#***********************************************************************
#
# mimedefang-filter
#
#***********************************************************************

use strict;
use lib '/etc/mail';

use DBI;
use Net::CIDR;
use Net::DNS;
use Digest::Hashcash;
use Net::Domain qw(hostname hostdomain);

# Must declare globals here...can initialize elsewhere

use vars qw(%nabs %db_sth %gl_sth %gl_greystatus %gl_greynames);

require 'filter/globals';
require 'filter/utility';
require 'filter/db';
require 'filter/greylist';
require 'filter/initialize';
require 'filter/cleanup';
require 'filter/outgoing';
require 'filter/relay';
require 'filter/helo';
require 'filter/sender';
require 'filter/recipient';
require 'filter/filter';
require 'filter/tick';

# DO NOT delete the next line, or Perl will complain.
1;
#######################################################################

> #REVERSE DNS CHECK
>     if ($authorized_sender < 1) {
>       $res = Net::DNS::Resolver->new;
> 
>       $suspect_spammy_country_tlds = 1;
> 
>         $packet = $res->send($RelayAddr);

Your Net::DNS::Resolver->send is the complete waste of cycles I was 
talking about...just pass $RelayHostname into this code that checks for 
"valid" reverse DNS, because sendmail has already done the lookup for 
you.

>               } elsif ($has_subdomain && $reverse_subdomain =~ 
> /pool|dhcp|dip|dyn|dial|home|cable|dsl|\d{1,3}[-\.]\d{1,3}[-\.]\d{1,3}|\d{9,12}/i 
> && $reverse_subdomain !~ /static/i) {

At least you aren't scoring against my IPs.  Verizon is a PITA to deal 
with in getting reverse DNS.

>             #FAILED REQUIREMENT DID NOT HAVE A REVERSE ENTRY
>             action_change_header("X-KAM-Reverse", "Missing - Reverse PTR for 
> $RelayAddr was missing!");

I saw this with known good Yahoo mail servers...that's why I won't use 
anything like it.

Again, what are your stats on what is stopped *solely* by this check?  
In other words, how many extra bad e-mails (as a percentage) would you 
deliver if you did not have this check?

For me, none of the reverse DNS checks stop enough extra to be worth 
wasting DNS bandwidth (even with a caching DNS server).


--
Jeff Rife | "Because he was human; because he had goodness; 
          |  because he was moral they called him insane. 
          |  Delusions of grandeur; visions of splendor; 
          |  A manic-depressive, he walks in the rain." 
          |         -- Rush, "Cinderella Man" 
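Added example, not code from this thread or from MIMEDefang itself: a reverse-DNS classifier that follows the advice above and uses only the name sendmail already resolved, with no Net::DNS call of its own. It assumes MIMEDefang's documented convention that $RelayHostname holds the IP address in square brackets when the reverse lookup failed, and the function name classify_relay and the sample hosts are constructed for illustration.

```perl
#!/usr/bin/perl
# Classify a connecting relay from $RelayHostname / $RelayAddr alone.
# Assumption: when reverse DNS fails, MIMEDefang sets $RelayHostname to
# the address in square brackets, so no extra PTR lookup is needed.
use strict;
use warnings;

# Name fragments that commonly mark dynamic/consumer address pools
# (the same pattern used by the quoted check above).
my $DYNAMIC_RE =
  qr/pool|dhcp|dip|dyn|dial|home|cable|dsl|\d{1,3}[-.]\d{1,3}[-.]\d{1,3}|\d{9,12}/i;

# Returns 'missing' (no PTR), 'dynamic' (pool-like subdomain) or 'ok'.
# Meant for tagging/scoring, not for rejecting on its own.
sub classify_relay {
    my ($relay_hostname, $relay_addr) = @_;

    # No PTR: sendmail left the bracketed address in place of a name.
    return 'missing' if $relay_hostname eq "[$relay_addr]";

    # Inspect only the labels left of the registered domain, so a domain
    # such as dsl.example.net is not itself a hit. Using the last two
    # labels as "the domain" is a simplification (it misreads co.uk).
    my @labels = split /\./, $relay_hostname;
    return 'ok' if @labels < 3;
    my $subdomain = join '.', @labels[ 0 .. $#labels - 2 ];

    return 'dynamic'
      if $subdomain =~ $DYNAMIC_RE && $subdomain !~ /static/i;
    return 'ok';
}

# Constructed sample inputs (documentation addresses, no real hosts),
# as they would appear in filter_relay. In a real filter the verdict
# would go into a header via action_change_header for SA to score.
my @samples = (
    [ 'mail.example.net',                '192.0.2.10' ],
    [ '[192.0.2.20]',                    '192.0.2.20' ],
    [ 'pool-192-0-2-30.dsl.example.net', '192.0.2.30' ],
    [ 'static-192-0-2-40.example.net',   '192.0.2.40' ],
);
for my $s (@samples) {
    printf "%-36s -> %s\n", $s->[0], classify_relay(@$s);
}
```

The four samples classify as ok, missing, dynamic and ok respectively; the last one matches the numeric pattern but is excluded by the "static" exception, which is exactly the kind of edge the thread says needs real hit-rate numbers before scoring on it.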