Need a rule written to take advantage of this trick, and this could be a major breakthrough in whitelisting.

Here's what it needs to do:

1) Take the IP of the connecting host and do an RDNS lookup to get the name.
2) Verify that the name that was looked up resolves to the same IP address.
3) Look up the name in this dns list === example.com.hostdomain.junkemailfilter.com
4) If it returns 127.0.0.1 - it's ham

Let's say the sending host is 69.50.231.2.

RDNS of 69.50.231.2 is 2.ctyme.com
Looking up 2.ctyme.com returns 69.50.231.2 ---- MATCH!
Lookup 2.ctyme.com.hostdomain.junkemailfilter.com - returns 127.0.0.1 - It's HAM!

That's all there is to it.

If you're running Exim it's even easier.

accept dnslists = hostdomain.junkemailfilter.com=127.0.0.1/$sender_host_name

The Exim version works. Need someone to make it work for SpamAssassin.

The reason for the matching is that spammers can't spoof RDNS if you verify it by matching the RDNS to the original IP. I have a few thousand popular domains listed. If this works and with a bigger central list we can probably ID 99% of ham without further processing.
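The four steps above, written out as an added example in Python (not part of the original post, and not SpamAssassin or Exim code). The names classify, SystemResolver and StubResolver are hypothetical; the list zone, the 127.0.0.1 answer and the 69.50.231.2 / 2.ctyme.com pair come from the post, and every other record in SAMPLE is constructed.

```python
import socket

DNSWL_ZONE = "hostdomain.junkemailfilter.com"  # list zone named in the post
HAM_ANSWER = "127.0.0.1"                        # answer the post treats as ham

class SystemResolver:
    """Live resolver using the OS stub resolver (assumed deployment choice)."""
    def ptr(self, ip):
        try:
            return socket.gethostbyaddr(ip)[0].rstrip(".").lower()
        except OSError:
            return None
    def a(self, name):
        try:
            return set(socket.gethostbyname_ex(name)[2])
        except OSError:
            return set()

class StubResolver:
    """Offline resolver for testing: ptr_map is ip -> name, a_map is name -> IPs."""
    def __init__(self, ptr_map, a_map):
        self.ptr_map, self.a_map = ptr_map, a_map
    def ptr(self, ip):
        return self.ptr_map.get(ip)
    def a(self, name):
        return self.a_map.get(name, set())

def classify(ip, resolver):
    """Return (verdict, hostname) following steps 1-4 of the post."""
    name = resolver.ptr(ip)                       # step 1: reverse lookup
    if not name:
        return ("no-rdns", None)
    if ip not in resolver.a(name):                # step 2: forward confirmation
        return ("rdns-mismatch", name)            # unverified PTR: skip the list
    answers = resolver.a(f"{name}.{DNSWL_ZONE}")  # step 3: query the list
    if HAM_ANSWER in answers:                     # step 4: listed means ham
        return ("ham", name)
    return ("unlisted", name)

# Constructed sample records; 203.0.113.9 has a PTR that claims a listed name.
SAMPLE = StubResolver(
    {"69.50.231.2": "2.ctyme.com", "203.0.113.9": "2.ctyme.com",
     "198.51.100.7": "mail.example.net"},
    {"2.ctyme.com": {"69.50.231.2"}, "mail.example.net": {"198.51.100.7"},
     "2.ctyme.com." + DNSWL_ZONE: {"127.0.0.1"}},
)
```

Passing SystemResolver() instead of SAMPLE runs the same logic against live DNS.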


