On Thursday, March 27, 2003, at 01:35 PM, Tom Collins wrote:

On Thursday, March 27, 2003, at 10:22 AM, Paul Theodoropoulos wrote:
rather than trumping up your argument with etiquette fascism, how about pointing out a relevant RFC that backs up your [baseless] opinion that a mailserver must accept messages from a site without reverse DNS?

ever heard of RFC 2505? apparently not.

I hadn't read RFC2505 <http://zvon.org/tmRFC/RFC2505/Output/index.html> until now, but I took the time to do so.


It has some good advice, but I didn't see any mention of refusing mail from hosts without reverse DNS. It does talk about refusing mail based on the FQDN that reverse DNS resolves to (section 2.5), but I think it's a stretch to extend that to IP addresses that don't have reverse DNS.

I don't think that's stretching at all. Having an IP not resolve at all *is* a form of resolution. It resolves to an empty value.


If you look at how I'm doing the block, I am doing almost exactly what the RFC describes and refusing based on the FQDN of the mail server. If the FQDN is empty, I refuse the connection.

I agree with others that the first post should have gone to Inter7 (perhaps [EMAIL PROTECTED]) and not this list.

I made the original post, and I agree, partially. If my intent was solely to get Inter7 to "fix" the reverse DNS, then I would agree completely. I've already "fixed" the problem on my end by adding a special rule for their mail server's IP. However, I also wanted to hear what a few other postmasters had to say about it. Posting privately would not have afforded that luxury. I have enjoyed hearing what a few others think about blocking based on DNS. I haven't done it in quite a few years.


If someone wants to add spam filters to their personal mail server that deny mail from hosts without reverse DNS, that's fine with me. If they think it's a good idea and tell others about it, I think it's a good idea for others to provide constructive feedback on why they disagree.

I couldn't agree more. However, calling a mail server "broken" because it's not set up the way you'd prefer isn't constructive. :)


If it's true that spammers don't have reverse DNS on their IP addresses, I wouldn't mind seeing the MTA adding a header like "X-Possible-Spam: Host 209.218.8.2 does not have reverse DNS." and even "X-Possible-Spam: Host 209.218.8.2 resolves to spam.com which does not resolve to 209.218.8.2". Then an email client could filter on that header or SpamAssassin could add a few points to the message's spam score.

That's easy enough to do in qmail-scanner, and on my "production" servers, that's just another check in SpamAssassin to determine a message's spam score. What I'm attempting to do is block the spam *before* it has to be processed by the more "heavy weight" utilities like AV and SA.


Matt
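
The tagging approach discussed in this message (a missing PTR record, or a PTR name that does not resolve back to the connecting IP), sketched as an added example that is not part of the original message and is not qmail-scanner or SpamAssassin code. The function names are hypothetical, the "malformed" header wording is an assumption added so that a hostile PTR value never reaches the header, and all lookup data except 209.218.8.2 and spam.com is constructed.

```python
import ipaddress, re, socket

# LDH hostname syntax; anything else in a PTR answer is treated as hostile.
HOSTNAME = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*")

def system_ptr(ip):
    """PTR name for ip from the system resolver, or None when there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror / socket.gaierror
        return None

def system_forward(name):
    """Addresses that name resolves to, or an empty list."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def rdns_header(ip, ptr=system_ptr, forward=system_forward):
    """Return an X-Possible-Spam header line, or None if rDNS is forward-confirmed."""
    addr = ipaddress.ip_address(ip)  # ValueError on junk input
    name = (ptr(str(addr)) or "").rstrip(".").lower()
    if not name:
        return f"X-Possible-Spam: Host {addr} does not have reverse DNS."
    if not HOSTNAME.fullmatch(name):
        # The PTR owner controls this string: never copy CR/LF into a header.
        return f"X-Possible-Spam: Host {addr} has a malformed reverse DNS name."
    confirmed = set()
    for a in forward(name):
        try:
            confirmed.add(ipaddress.ip_address(a))
        except ValueError:  # e.g. scoped IPv6 literals
            pass
    if addr not in confirmed:
        return f"X-Possible-Spam: Host {addr} resolves to {name} which does not resolve to {addr}"
    return None

# Constructed lookup tables standing in for DNS so the example runs offline.
SAMPLE_PTR = {"192.0.2.10": "mail.example.org.", "209.218.8.2": "spam.com",
              "192.0.2.66": "x.example\r\nSubject: injected"}
SAMPLE_FWD = {"mail.example.org": ["192.0.2.10"], "spam.com": ["192.0.2.99"]}

def demo():
    ips = ["192.0.2.10", "198.51.100.7", "209.218.8.2", "192.0.2.66"]
    return {ip: rdns_header(ip, SAMPLE_PTR.get, lambda n: SAMPLE_FWD.get(n, []))
            for ip in ips}

if __name__ == "__main__":
    for ip, header in demo().items():
        print(ip, "->", header or "forward-confirmed, no header added")
```

A setup that refuses at connection time instead of tagging would reject whenever the first branch (empty name) is taken.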

