Matus UHLAR - fantomas a écrit :
>>> What I am complaining about is that the IP is reported to be dynamic
>>> because it does not have hostname that follows kind of sick rules.
>
> On 09.04.09 01:28, Mark wrote:
>> Their rules DO seem a mite odd:
>>
>> "Also remember, according to Best Practises, having a reverse DNS that
>> appears to be part of your upstream provider is not good enough for an
>> email server. adsl.23.204.205.upstream.com means that it is an IP address
>> they are responsible for."
>>
>> 'Having a reverse DNS that appears to be part of your upstream provider'
>> as opposed to what exactly? HELO? That's fixed easily enough. :) What they
>> seem to say, if I read them correctly, is that they'll reject when it
>> looks to be from a dynamic pool belonging to upstream.com.
>
> Well, there's no "adsl", no part of IP, nothing that would indicate the
> address being dynamic. Generic, maybe. Dynamic, no way.
>
>>> And if I'd send mail from a0.fantomas.cust.gts.sk, would it?
>> Well, that's the thing, ain't it? As opposed to what? If your PTR were
>> 'a0.fantomas.cust.gts.sk' and you sent mail with HELO
>> 'fantomas.fantomas.sk'? More likely, they'd just reject on the 'cust'
>> part, or the digits.
>
> Their page does not say anything about the HELO string. The IP (of the
> format above, ok, let's say it's a0.fantomas.ba.cust.gts.sk) is now
> registered as dynamic and does not follow the "reverse hostname naming
> convention".
>
>>> Even if that record would be listed in SPF?
>> SPF checks against the envelope-from domain part (or HELO, in certain
>> circumstances). So, with SPF you could authorize 'a0.fantomas.cust.gts.sk'
>> to send mail on behalf of 'fantomas.sk', but that will not prevent Spam
>> Rats from identifying 'a0.fantomas.cust.gts.sk' as appearing to be part
>> of your upstream provider; so they'd probably reject the connection
>> anyway.
>
> That's the question. I do not object against listing of a spammer, but
> dynamic? naming convention? Will they block host if it spams, if it sends
> mail from gmail com and the hostname is qw-out-1920.google.com which looks
> like their upstream provider?
>
>
> OK, I don't want to bitch, I'm searching for some valid informations, mostly
> about their "best practices".
the thing is: use your own name. avoid a name that may be used by a
spammer.
lte's take an example. look at:
mon75-10-82-239-111-76.fbx.proxad.net.
This is a generic IP. such names are used both for static and dynamic
IPs. and spam gets out of such hosts, be them static or dynamic (it
really doesn't matter). In short, the fact that it is dynamic or not is
irrelevant.
now, if you get spam from such hosts, you want to get infos about the
host. if it is 82.239.111.75, you do
$ host 82.239.111.75
75.111.239.82.in-addr.arpa domain name pointer ouzoud.netoyen.net.
you could either contact me or block my domain.
but if you get mail from *.$isp, you can contact the isp (good luck) or
block a large part (IP or domain).
BTW google for "ennemies list". it is used by some sites. (but it should
be "safer" than magiclinux...)
