Kevin A. McGrail wrote:

I'm interested in the answer about the reverse DNS as well, BTW.

Regards,
KAM

BTW:  In the case where there is no rDNS for an incoming connection...
what would the approximate false positive rate be if we were to refuse
those connections (unless of course they were authenticated or local)?


If the user is authenticated... why would there not be a rDNS entry for their IP?? I guess if they are "roaming" but we usually recommend a webmail setup for most of those customers that fit the "typical" user profile, others know enough they don't need to call and make sure they set up for auth and STARTTLS, in either case... I have yet to run into this as an issue.

I have been running the require_rdns.m4 hack with some minor modifications (I ONLY reject if there is no rDNS at all and with greet_pause enabled with a 4 sec delay for off-network MTA/MUAs) since I last mentioned it on this list some time ago with zero customer complaints, and only 2 or 3 contacts from other sys admins asking how they fix their DNS.

So, as long as you are not draconian about it, it seems to work well.

Now when I first implemented the hack on my test box... I implemented the whole thing... requiring the rDNS to match will cause you A LOT of false positives/cust complaints.

Some quick and dirty stats off my test box: on avg over 10% of the 5XX rejects are for bad rDNS, when I first implemented I merely tagged and tracked these to confirm it was really spam... during this time period I had zero false positives... but admittedly only tracked it for one week. When I started rejecting them using the require_rdns.m4 hack I simply saved myself a few more expensive MD/SA implementations as I also noticed these messages were invariably caught by MD/SA, I just stop them a little bit earlier now. The message breakdown on my test box is as follows for the last few days:

./msgperday  ' 9'
grep "^Jan  9" /var/log/maillog

UNIQ MSID:              13670
TO:                     6561
________________________________

Sent:                   5670
5XX Rejects:            8045
      1113 of these were for no rDNS
4XX Rejects:            36
Deferred:               887
Timeout:                12
User Unknown:           101
Service Unavail:        1
Header Forgery:         2
Host Unknown:           3
________________________________
Processed (stat=):      6789
Rejected (eject=):      8081

./msgperday 10
grep "^Jan 10" /var/log/maillog

UNIQ MSID:              14503
TO:                     6906
________________________________

Sent:                   5698
5XX Rejects:            8602
      1113 were for no rDNS
4XX Rejects:            18
Deferred:               972
Timeout:                12
User Unknown:           138
Service Unavail:        2
Header Forgery:         6
Host Unknown:           4
________________________________
Processed (stat=):      7047
Rejected (eject=):      8620

./msgperday 11
grep "^Jan 11" /var/log/maillog

UNIQ MSID:              14358
TO:                     6765
________________________________

Sent:                   5589
5XX Rejects:            8366
       1086 were due to no rDNS
4XX Rejects:            1
Deferred:               838
Timeout:                37
User Unknown:           155
Service Unavail:        3
Header Forgery:         4
Host Unknown:           1
________________________________
Processed (stat=):      6916
Rejected (eject=):      8367

./msgperday 12
grep "^Jan 12" /var/log/maillog

UNIQ MSID:              14875
TO:                     6948
________________________________

Sent:                   5883
5XX Rejects:            9725
        1206 were due to no rDNS
4XX Rejects:            29
Deferred:               736
Timeout:                24
User Unknown:           230
Service Unavail:        1
Header Forgery:         8
Host Unknown:           1
________________________________
Processed (stat=):      7141
Rejected (eject=):      9754

./msgperday 13
grep "^Jan 13" /var/log/maillog

UNIQ MSID:              14290
TO:                     6086
________________________________

Sent:                   4975
5XX Rejects:            9827
      1377 were due to no rDNS
4XX Rejects:            2
Deferred:               759
Timeout:                15
User Unknown:           123
Service Unavail:        7
Header Forgery:         9
Host Unknown:           4
________________________________
Processed (stat=):      6185
Rejected (eject=):      9829

./msgperday 14
grep "^Jan 14" /var/log/maillog
INCOMPLETE DAY, Processed to 8:30pm EST

UNIQ MSID:              10321
TO:                     3481
________________________________

Sent:                   2421
5XX Rejects:            8315
     869 were due to no rDNS
4XX Rejects:            15
Deferred:               670
Timeout:                1
User Unknown:           100
Service Unavail:        0
Header Forgery:         4
Host Unknown:           4
________________________________
Processed (stat=):      3527
Rejected (eject=):      8330

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
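
The two policies compared in the message above (reject only when there is no rDNS at all, versus also requiring the rDNS name to resolve back to the connecting IP), sketched as an added example that is not part of the original post and does not reproduce require_rdns.m4. The function names, the sample DNS tables and the "local" network range are all assumptions made for illustration; the lookups are dictionary stubs so the block runs offline.

```python
import ipaddress

# Constructed sample DNS data (documentation address ranges), not from the post.
PTR = {
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.20": ["host20.example.net."],  # PTR exists, forward lookup disagrees
    # 198.51.100.7 deliberately has no PTR record
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "host20.example.net": ["203.0.113.99"],
}
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed "local" network


def rdns_status(ip, ptr_lookup, a_lookup):
    """Classify a client IP as 'none', 'mismatch' or 'match'."""
    names = ptr_lookup(ip)
    if not names:
        return "none"  # no rDNS at all
    for name in names:
        if ip in a_lookup(name.rstrip(".").lower()):
            return "match"  # forward lookup confirms the PTR name
    return "mismatch"


def decide(ip, authenticated=False, strict=False,
           ptr_lookup=lambda ip: PTR.get(ip, []),
           a_lookup=lambda name: A.get(name, [])):
    """Return 'accept' or 'reject' for an incoming SMTP connection."""
    addr = ipaddress.ip_address(ip)
    if authenticated or any(addr in net for net in LOCAL_NETS):
        return "accept"  # authenticated or local clients are exempt
    status = rdns_status(ip, ptr_lookup, a_lookup)
    if status == "none":
        return "reject"  # relaxed policy: the only case it refuses
    if strict and status == "mismatch":
        return "reject"  # strict policy: PTR must also forward-confirm
    return "accept"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.7", "10.1.2.3"):
        print(ip, "relaxed:", decide(ip), "strict:", decide(ip, strict=True))
```

Passing real resolver functions as `ptr_lookup` and `a_lookup` lets the same decision logic be replayed over connecting IPs pulled from a mail log to estimate how many extra rejects the strict policy would add before enabling it.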