Jorey Bump schrieb: > Mikael Bak wrote, at 08/03/2009 10:38 AM: > >> I'm currently blocking all attepmts to connect from hosts not having a >> valid reverse DNS name with "reject_unknown_reverse_client_hostname". >> >> This is very effective for dealing with spam. This is not our only >> protection though :-) >> >> Although from time to time we get feedback from users about lost email.
lost mail to where ? gone universe ....*g? the mail got rejected at last with a debug code so the sender may take his brain to fix its problem or try to reach you by phone , valid mailservers etc if the sender cant fix it you can simply whitelist them by ip or else for reject_unknown_reverse_client_hostname mail must always be supported using reject_unknown_reverse_client_hostname is relativly save these spam days ,shows every day work here, the few problems a year are easy to fix, make sure that you have very good dns resolves ( i.e use local dns cache too) i changed the reject code to 550, to let senders know at once about the the problem, for fighting bots it very effective ,and dont break your head about crying users behind if the senders cant show bounces and call it lost mail *g >> When checking our logs it turns out that most of the time the email is >> lost because the sending part fails the reverse DNS lookup. >> >> So now I'm a bit puzzled. Are we being too restrictive? Do you guys find >> it OK to reject hosts that fail reverse DNS checks? Do you guys find it >> common that legit mail servers does not have a reverse DNS name? What do >> you tell your users? > > Although both reject_unknown_client_hostname and the more permissive > reject_unknown_reverse_client_hostname are currently very effective at > blocking spam, there are too many misconfigured mail servers out there > for us to use either for outright blocking. Such tests are still very > useful in a scoring system. > >> I occationally try to send an email to the mail administrator of such a >> sending server. Once they replied and they accepted my complaints and >> fixed the problem, and they were happy I told them about it. But this >> was the only time anyone ever answered such a request from me, so >> perhaps it's not worth the effort. > > I've discovered the same. > >> Nevermind. To make it short: Is it ok to reject such sending servers or >> not? :-) > > I don't, because it would block important messages. You'd be surprised > at how many emergency alert systems fail this test, let alone banks, > schools, governments and other key institutions. > > > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
