From: Andrzej Adam Filip on 22 Feb 2010 15:12

DJ GRP <deejay.grp(a)gmail.com> wrote:

>> [...]
>> 1) I personally recommend using FEATURE(`anfi/require_rdns') with
>>    FEATURE(`anfi/rsdnsbl') => It would allow you to exclude a few
>>    "near by countries" from revDNS checks and use more strict revDNS
>>    checks for a few "bad far away countries" using IP->country mapping
>>    provided by some DNS services/zones.
>
> I don't see any problem with that, although I am not sure we actually
> need it since we enforce the same policy for everyone. Then again, you
> definitely know what you are saying, so I dare to ask: would you
> recommend this for our case (where no particular policy is enforced)?

It is for you to decide if in *your* case it would be "a needless
complication".

My "recommendation" is based on assumptions that:
a) it is much more risky for spammers when source and destination are
   under the same legal jurisdiction
   [ I have read about a few victories in USA in small claims courts :-) ]
   Spamming from "exotic and far away" jurisdiction lowers risk of
   really successful legal action by victims.
b) it is worthwhile to adapt spam filtering to ham/spam rates -
   another from "most ham comes from here" and quite different for
   "hardly any (close to zero) ham comes from there"

I personally suggest considering three zones:
a) close neighborhood - require PTR record (but no closed PTR-A loop)
b) standard - require closed PTR-A loop with doubts (4?? reply in case of
   doubts)
c) wild west/east - require closed PTR-A loop in "unforgivable mode" (easy
   5??)

-- 
[pl>en Andrew] Andrzej Adam Filip : anfi(a)onet.eu : Andrzej.Filip(a)gmail.com
Open-Sendmail: http://open-sendmail.sourceforge.net/
To write good code is a worthy challenge, and a source of civilized delight.
  -- stolen and paraphrased from William Safire
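
Added example, not part of the original posts and not code from sendmail or the anfi FEATUREs: a sketch of the three-zone reverse-DNS policy suggested above, run against a constructed in-memory resolver. The zone names, the sample records and the reading of "doubts" as a temporary DNS failure are assumptions; the IP->country mapping that would pick the zone is left out.

```python
import ipaddress

class TempFail(Exception):
    """No definite DNS answer (SERVFAIL, timeout): the "doubt" case."""

# Constructed sample data (documentation address ranges and example names).
PTR = {"192.0.2.10": ["mail.example.org"], "192.0.2.20": ["host.example.net"]}
A = {"mail.example.org": ["192.0.2.10"], "host.example.net": ["198.51.100.7"]}
FLAKY = {"192.0.2.30"}  # PTR queries for these addresses time out

def ptr_lookup(ip):
    if ip in FLAKY:
        raise TempFail(ip)
    return PTR.get(ip, [])

def a_lookup(name):
    return A.get(name, [])

def check_rdns(ip, ptr=ptr_lookup, fwd=a_lookup):
    """Return (has_ptr, loop_closed); each is True, False or None (doubt)."""
    try:
        names = ptr(ip)
    except TempFail:
        return None, None
    if not names:
        return False, False
    want, doubt = ipaddress.ip_address(ip), False
    for name in names:
        try:
            if any(ipaddress.ip_address(a) == want for a in fwd(name)):
                return True, True
        except TempFail:
            doubt = True
    return True, (None if doubt else False)

def policy(ip, zone):
    """zone: 'near', 'standard' or 'far' (hypothetical names for a/b/c)."""
    has_ptr, loop = check_rdns(ip)
    result = has_ptr if zone == "near" else loop
    if result is True:
        return "OK"
    # Assumption: only DNS uncertainty earns a 4xx, and never in the far zone.
    if result is None and zone != "far":
        return "4xx"
    return "5xx"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, {z: policy(ip, z) for z in ("near", "standard", "far")})
```

The host with a PTR that does not resolve back to it passes only in the "near" zone, and the host whose PTR lookup times out gets a 4xx everywhere except the "far" zone.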
From: DJ GRP on 23 Feb 2010 03:46

> My "recommendation" is based on assumptions that:
> a) it is much more risky for spammers when source and destination are
>    under the same legal jurisdiction
>    [ I have read about a few victories in USA in small claims courts :-) ]
>    Spamming from "exotic and far away" jurisdiction lowers risk of
>    really successful legal action by victims.
> b) it is worthwhile to adapt spam filtering to ham/spam rates -
>    another from "most ham comes from here" and quite different for
>    "hardly any (close to zero) ham comes from there"
>
> I personally suggest considering three zones:
> a) close neighborhood - require PTR record (but no closed PTR-A loop)
> b) standard - require closed PTR-A loop with doubts (4?? reply in case of
>    doubts)
> c) wild west/east - require closed PTR-A loop in "unforgivable mode" (easy
>    5??)

Thanks for all this useful info :) However I think we are now somehow
off-topic. I would anxiously wait for your response on the initial issue.
From: Andrzej Adam Filip on 24 Feb 2010 17:36

"DJ GRP" <deejay.grp(a)gmail.com> wrote:

>> My "recommendation" is based on assumptions that:
>> a) it is much more risky for spammers when source and destination are
>>    under the same legal jurisdiction
>>    [ I have read about a few victories in USA in small claims courts :-) ]
>>    Spamming from "exotic and far away" jurisdiction lowers risk of
>>    really successful legal action by victims.
>> b) it is worthwhile to adapt spam filtering to ham/spam rates -
>>    another from "most ham comes from here" and quite different for
>>    "hardly any (close to zero) ham comes from there"
>>
>> I personally suggest considering three zones:
>> a) close neighborhood - require PTR record (but no closed PTR-A loop)
>> b) standard - require closed PTR-A loop with doubts (4?? reply in case of
>>    doubts)
>> c) wild west/east - require closed PTR-A loop in "unforgivable mode" (easy
>>    5??)
>
> Thanks for all this useful info :) However I think we are now somehow
> off-topic. I would anxiously wait for your response on the initial issue.

I may merely suggest you to ask on some DNS/bind forum for hints about
tool(s) for DNS zone consistency checks.

Before considering blaming sendmail it would be nice to check if the DNS
zones for PTR and A records are reported correctly by all "indicated as
responsible" DNS servers.

-- 
[pl>en Andrew] Andrzej Adam Filip : anfi(a)onet.eu : Andrzej.Filip(a)gmail.com
Yesterday I was a dog. Today I'm a dog. Tomorrow I'll probably still
be a dog. Sigh! There's so little hope for advancement.
  -- Snoopy
From: DJ GRP on 25 Feb 2010 07:07

> I may merely suggest you to ask on some DNS/bind forum for hints about
> tool(s) for DNS zone consistency checks.

> Before considering blaming sendmail it would be nice to check if the DNS
> zones for PTR and A records are reported correctly by all "indicated as
> responsible" DNS servers.

First of all, I did not blame anyone, not sendmail, not bind, not you. I
simply posted my experience here to discuss it and perhaps obtain a
solution. So such aggression is really not necessary.

To go on-topic again, I would have no problem asking on DNS fora about this.
However, and as I have already mentioned, the problem was solved when I
restarted sendmail. Not the DNS client.

G
From: Andrzej Adam Filip on 25 Feb 2010 08:01

"DJ GRP" <deejay.grp(a)gmail.com> wrote:

>> I may merely suggest you to ask on some DNS/bind forum for hints about
>> tool(s) for DNS zone consistency checks.
>
>> Before considering blaming sendmail it would be nice to check if the DNS
>> zones for PTR and A records are reported correctly by all "indicated as
>> responsible" DNS servers.
>
> First of all, I did not blame anyone, not sendmail, not bind, not you. I
> simply posted my experience here to discuss it and perhaps obtain a
> solution. So such aggression is really not necessary.
>
> To go on-topic again, I would have no problem asking on DNS fora about this.
> However, and as I have already mentioned, the problem was solved when I
> restarted sendmail. Not the DNS client.

It does not exclude option that sendmail cached "as DNS allowed" DNS
replies "straightened" just before sendmail restart.

Have you "cured by restart" more than once?

Welcome to the world of "hard to repeat" problems/errors and looking
almost as CYA "blame shifting" :-)

-- 
[pl>en Andrew] Andrzej Adam Filip : anfi(a)onet.eu : Andrzej.Filip(a)gmail.com
"I have more information in one place than anybody in the world."
  -- Jerry Pournelle, an absurd notion, apparently about the BIX BBS