Am Di, den 14.12.2004 schrieb HaJo Schatz um 13:02: > To combat spam I have enabled reverse-DNS lookups of incoming SMTP > connections. If the FQDN does not match the HELO-Identity, I reject the > connection with a 550 Error. > > I have now found that this breaks communication even with reputable > (well, an international bank that is) peers. Dunno how much more mail I > may have lost through this... How are you out there handling that, are > you doing reverse-lookups? > HaJo Schatz <hajo@xxxxxxxx> In addition to the answers you already got: checking for an existing reverse DNS will block too many innocent senders. See i.e. comments and implementation for Sendmail http://www.cs.niu.edu/~rickert/cf/ "HACK(`require_rdns') -- reject mail from sites without valid reverse DNS. Access entries allow individual override. I don't recommend this. The amount of collateral damage is excessive." From the same site see the discussion about HELO/EHLO checks: http://www.cs.niu.edu/~rickert/cf/bad-ehlo.html I myself block hosts which claim to be my mail host itself by giving it's IP in the HELO statement. I only saw spamming attempts to be blocked so far and no legitimate senders. Alexander -- Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773 legal statement: http://www.uni-x.org/legal.html Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp Serendipity 18:10:22 up 4 days, 12:51, load average: 0.37, 0.36, 0.49
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
