On 7/9/2011 12:00 PM, lee wrote:
> The rDNS check is very useful because it keeps out tons of SPAM without
> occupying too many resources. It also seems to be common practise. Do
> you have a better suggestion?

Just checking for the existence of rDNS is no longer sufficiently effective against bot spam from infected residential hosts. This is because many/most? ISPs have rDNS for most of their IP addresses, whether dynamic or static.

If you really want to put the hammer on residential bot spam, especially IPs that send to you before Spamhaus ZEN (CBL) lists them, and that are not listed in the various DNS dynamic block lists, then you need something like this:

http://www.hardwarefreak.com/fqrdns.pcre

This Postfix PCRE table consists of 1600+ rDNS patterns of residential broadband/SOHO ISPs around the world, and is extremely effective at killing bot spam, while putting very little load on your server.

The table and the instructions I've written are geared toward Postfix, but the table should be usable with any MTA, with appropriate modifications, that handles PCRE tables. Simply have your MTA query the table for the rDNS string. The table is currently set up to outright reject most matches, but for some that are more in SOHO land it does a header prepend so SA etc. can score it.

If someone wishes to modify it for use with Exim and rehost it, that would be great.

-- 
Stan
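
How an MTA consults a table of this kind, as an added example that is not part of the original message and does not reproduce fqrdns.pcre: a small Python emulation of a Postfix-style PCRE lookup on the client's rDNS name, with first match deciding between reject and header prepend. The patterns, the `isp.example` names and the `X-Generic-rDNS` header are constructed for illustration.

```python
import re

# Constructed sample table in Postfix pcre_table syntax. The patterns and the
# header name are hypothetical and are not taken from fqrdns.pcre.
SAMPLE_TABLE = r"""
# residential dynamic pools: reject outright
/^(\d{1,3}[-.]){4}dyn\.isp\.example$/ REJECT Generic dynamic rDNS, use your ISP relay
/^pool-(\d{1,3}-){3}\d{1,3}\.res\.isp\.example$/ REJECT Generic residential rDNS
# SOHO-style static ranges: tag the message so the content filter can score it
/^static-(\d{1,3}-){3}\d{1,3}\.biz\.isp\.example$/ PREPEND X-Generic-rDNS: SOHO static pattern
"""

# /pattern/flags ACTION optional text  (escaped slashes allowed in the pattern)
RULE = re.compile(r"^/((?:\\.|[^/\\])*)/([A-Za-z]*)\s+(\S+)\s*(.*)$")


def parse_table(text):
    """Return an ordered list of (compiled_regex, action, text) rules."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not a /pattern/ ACTION rule")
        pattern, flags, action, rest = m.groups()
        # Postfix pcre tables match case-insensitively by default; the "i"
        # flag toggles that off. Other flags are ignored in this sketch.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action.upper(), rest))
    return rules


def lookup(rules, rdns):
    """First matching rule wins; None means the table has no opinion."""
    name = rdns.rstrip(".")
    for regex, action, text in rules:
        if regex.search(name):
            return action, text
    return None


if __name__ == "__main__":
    rules = parse_table(SAMPLE_TABLE)
    for host in ("203-0-113-7.dyn.isp.example",        # constructed names
                 "static-198-51-100-9.biz.isp.example",
                 "mail.example.org"):
        print(host, "->", lookup(rules, host))
```

A name that matches no pattern returns `None`, so the MTA carries on with its remaining checks (DNSBLs, content filtering) for that client.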