Re: [Declude.JunkMail] Double RDNS

2003-06-27 Thread R. Scott Perry

> Although the Postfix test is a bit more stringent (rejecting if no PTR
> exists - equivalent to the Declude JunkMail REVDNS test), I think testing
> for matching forward and reverse records in a weighting system would be a
> very good test.  I would suggest that it probably be best to just match the
> domain part: xyz.com, rather than looking to match the full hostname:
> mx1.xyz.com (which will cause fewer false-positives).  And since the
> necessary info for this test is already gathered by Declude JM, it should
> not be a difficult test to implement.
>
> Scott, what are your thoughts on implementing a JM test like this?

The problem here is with false positives -- while about 90% of legitimate 
mailservers now have reverse DNS entries (up from about 80% a year or two 
ago), lots of them don't have A records that point back to the mailserver 
(mostly due to poor DNS, but many people have been told "All you need is a 
reverse DNS entry, it doesn't matter what it is...").

It's something that we are still considering, though.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
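
The double reverse-DNS check discussed in this thread (PTR lookup on the connecting IP, then an A lookup on each returned hostname, then a comparison with the original IP), written out as an added example that is not code from any poster, from Declude or from Postfix. The DNS tables, outcome names and weights are constructed assumptions; each outcome maps to a score instead of a rejection, following the weighting approach suggested in the thread.

```python
import ipaddress
from collections import Counter

# Constructed sample DNS data (documentation-range addresses, example names).
PTR_RECORDS = {
    "192.0.2.10": ["mx1.example.com."],                       # forward and reverse agree
    "192.0.2.20": ["host20.isp.example."],                    # PTR set, A points elsewhere
    "192.0.2.30": ["stale.example.org.", "MX3.example.org"],  # second PTR name confirms
    "192.0.2.40": ["ghost.example.net"],                      # PTR set, name has no A record
}
A_RECORDS = {
    "mx1.example.com": ["192.0.2.10"],
    "host20.isp.example": ["198.51.100.7"],
    "mx3.example.org": ["192.0.2.30", "192.0.2.31"],
}
# Hypothetical weights for a scoring filter; not Declude or Postfix settings.
WEIGHTS = {"NO_PTR": 5, "PTR_NO_FORWARD": 3, "PTR_MISMATCH": 3, "CONFIRMED": 0}

def norm(name):
    """Lower-case a hostname and drop the trailing root dot."""
    return name.rstrip(".").lower()

def check_double_rdns(ip, ptr_lookup, a_lookup):
    """Classify a client IP by PTR lookup followed by A lookup of each PTR name."""
    client = ipaddress.ip_address(ip)
    names = [norm(n) for n in ptr_lookup(ip)]
    if not names:
        return "NO_PTR"
    saw_forward = False
    for name in names:
        addrs = a_lookup(name)
        saw_forward = saw_forward or bool(addrs)
        # Compare parsed addresses, not strings, so formatting differences do not matter.
        if any(ipaddress.ip_address(a) == client for a in addrs):
            return "CONFIRMED"
    return "PTR_MISMATCH" if saw_forward else "PTR_NO_FORWARD"

def sample_ptr(ip):
    return PTR_RECORDS.get(ip, [])

def sample_a(name):
    return A_RECORDS.get(norm(name), [])

def tally(ips):
    """Count outcomes over a batch of connecting IPs."""
    return Counter(check_double_rdns(ip, sample_ptr, sample_a) for ip in ips)

if __name__ == "__main__":
    for ip in ["192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40", "192.0.2.50"]:
        result = check_double_rdns(ip, sample_ptr, sample_a)
        print(ip, result, WEIGHTS[result])
```

Passing real resolver functions in place of `sample_ptr` and `sample_a` and running `tally` over logged client IPs gives the count of mismatches on delivered mail.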


Re: [Declude.JunkMail] Double RDNS

2003-06-26 Thread Bill Landry
I don't know of a way to do this with Declude currently, however, this is a
test that I do run on my Postfix gateways.  Here is a description of the
Postfix test:

reject_unknown_client
Reject the request when the client IP address has no PTR (address to name)
record in the DNS, or when the PTR record does not have a matching A (name
to address) record

Although the Postfix test is a bit more stringent (rejecting if no PTR
exists - equivalent to the Declude JunkMail REVDNS test), I think testing
for matching forward and reverse records in a weighting system would be a
very good test.  I would suggest that it probably be best to just match the
domain part: xyz.com, rather than looking to match the full hostname:
mx1.xyz.com (which will cause fewer false-positives).  And since the
necessary info for this test is already gathered by Declude JM, it should
not be a difficult test to implement.

Scott, what are your thoughts on implementing a JM test like this?

Bill
----- Original Message -----
From: "Mike Kruidhof" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 26, 2003 10:38 PM
Subject: [Declude.JunkMail] Double RDNS


We just purchased and implemented Declude Junkmail here.
I am attempting to understand what should be changed to catch more messages.
We are using the default values.  Many messages are getting through with low
values.
One thing came to me tonight, I turned on the XINHEADER option to show the
RDNS value.

Is there a test that can do a DNS lookup with the hostname that is returned
from the RDNS?
The IP address returned should match the IP address originally used for the
RDNS.
I would like to see how often this is not the case on the messages that are
getting through.

Thanks,

Mike K




[Declude.JunkMail] Double RDNS

2003-06-26 Thread Mike Kruidhof
We just purchased and implemented Declude Junkmail here.
I am attempting to understand what should be changed to catch more messages.
We are using the default values.  Many messages are getting through with low values.
One thing came to me tonight, I turned on the XINHEADER option to show the RDNS value.

Is there a test that can do a DNS lookup with the hostname that is returned from the RDNS?
The IP address returned should match the IP address originally used for the RDNS.
I would like to see how often this is not the case on the messages that are getting through.

Thanks,

Mike K

