(I apologize for my terrible English)

In order to minimize DNSBL queries and, globally, to decrease dependency on external services, I started to test some PCRE rules (check_client_access at various stages) in which I'm trying to 'whitelist' properly configured DNS hosts and to slow down/rate limit bad ones. First I must say this is only a lab test of mine :-) I'm basing my test rules on Matthew Sullivan's DRAFT "Suggested Generic DNS Naming Schemes" (http://tools.ietf.org/html/draft-msullivan-dnsop-generic-naming-schemes-00). In my personal experience, I can say that lots of ISPs are considering it.

(testing on Debian lenny/squeeze, Postfix 2.5.5-1.1 / 2.7.1-1)

---

Some very simple examples (the PCREs are not perfect, I know):

# RFC Draft OK -> 'whitelist' (no limits, no slamming, etc..)
# samples: smtp254.example.com. mail-88.colo.example.com.
/^smtp[-.0-9a-z]*\.[-a-z0-9]+\.[a-z][a-z]+\.?$/ OK
/^mail[-.0-9a-z]*\.[-a-z0-9]+\.[a-z][a-z]+\.?$/ OK
/^mx[-.0-9a-z]*\.[-a-z0-9]+\.[a-z][a-z]+\.?$/   OK


And.. to be more aggressive.. :-) .. some samples:

# sample: reject 'unassigned.example.com.'
/.*\.unassigned\..*\.[-a-z0-9]+\.[a-z][a-z]+\.?$/ REJECT Your hostname seems to indicate an 'unassigned' network

# sample: reject '0.0.0.10.dynamic.example.com.'
/.*\.dynamic\..*\.[-a-z0-9]+\.[a-z][a-z]+\.?$/ REJECT Your hostname seems to indicate an end user connection - Please use your ISP's SMTP

---

I know it's very crude, but I have some time to spend now and the real goal is to increase my Postfix knowledge .. anyway .. I have already been testing this 'monster' for 4 weeks on some (personal) domains for which I'm really not concerned about mail loss.
Results? ..awesome!

Test (small) numbers:
Total incoming connections: about 50000
Ham messages: about 5000
False positives: about 50 (based on what I can know)

Ok, about 90% of total incoming messages were spam.. but:
85% blocked by PCRE rules
14% blocked by DNSBL
 1% quarantined by message tests (amavis, SA)

Previously DNSBL contributed 80% of the total!

---

And now.. finally.. the 'subject' issue:

When a client has a reverse hostname but the corresponding fw DNS query doesn't exist .. here is a sample..

94.96.8.3 -> reverse lookup -> 94.96.8.3.dynamic.saudi.net.sa.
94.96.8.3.dynamic.saudi.net.sa. -> fw lookup -> NXDOMAIN

..Postfix passes me 'unknown[94.96.8.3]' and I cannot parse the existing reverse hostname in the PCRE rules.

Is there a simple way to get the reverse hostname back?

I thank you in advance for your patience and any help.

---
Amedeo Rinaldo

*Life is a biscuit, but if it rains it melts*
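
Added example (not part of the original post): a small offline model of the situation described above, running the post's five rules against both the verified client name and the reverse name. The DNS tables, the 192.0.2.25 host and the function names are constructed for illustration; Python's re stands in for PCRE.

```python
import re

# The page's check_client_access rules, in order. Postfix pcre tables match
# case-insensitively by default and return the first matching entry.
RULES = [
    (r"^smtp[-.0-9a-z]*\.[-a-z0-9]+\.[a-z][a-z]+\.?$", "OK"),
    (r"^mail[-.0-9a-z]*\.[-a-z0-9]+\.[a-z][a-z]+\.?$", "OK"),
    (r"^mx[-.0-9a-z]*\.[-a-z0-9]+\.[a-z][a-z]+\.?$", "OK"),
    (r".*\.unassigned\..*\.[-a-z0-9]+\.[a-z][a-z]+\.?$", "REJECT"),
    (r".*\.dynamic\..*\.[-a-z0-9]+\.[a-z][a-z]+\.?$", "REJECT"),
]

# Constructed DNS data (assumption): 94.96.8.3 is the case from the post,
# 192.0.2.25 is a documentation address with matching PTR and A records.
PTR = {"94.96.8.3": "94.96.8.3.dynamic.saudi.net.sa",
       "192.0.2.25": "smtp254.example.com"}
A = {"smtp254.example.com": ["192.0.2.25"]}  # no A record for the saudi.net.sa name


def client_names(ip):
    """Return (reverse_name, verified_name) the way the post describes Postfix.

    The verified name is kept only when the forward lookup of the reverse
    name returns the connecting address; otherwise it becomes 'unknown'.
    """
    reverse = PTR.get(ip, "unknown")
    verified = reverse if ip in A.get(reverse, []) else "unknown"
    return reverse, verified


def lookup(name):
    """First-match lookup over RULES; None means no entry matched (DUNNO)."""
    for pattern, action in RULES:
        if re.search(pattern, name, re.IGNORECASE):
            return action
    return None


def evaluate(ip):
    """Action obtained from the verified name versus the reverse name."""
    reverse, verified = client_names(ip)
    return {"verified": (verified, lookup(verified)),
            "reverse": (reverse, lookup(reverse))}


if __name__ == "__main__":
    for ip in PTR:
        print(ip, evaluate(ip))
```

Postfix 2.6 and later provide check_reverse_client_hostname_access, which looks up the unverified reverse name in an access table. A PTR record is set by whoever controls the address block, so that restriction does not accept OK as a result and an unverified name should only ever feed reject or rate-limit rules, not the 'whitelist' ones.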
