There was some discussion several years ago about issues with blocking
mail from MTAs whose IP address does not resolve via DNS. At that time
it was considered a bad idea to do that. However, with the volume of
spam continuing to grow, has there been any real change in that opinion?
I receive a lot of spam from IP addresses for which there is not DNS
entry. The cf file patches to do the blocking are at least one version,
if not more, old. I have no idea if they would work properly on the
current version or not. However, I have noticed that there is no mc
file option to do that blocking so I suspect that the community has not
really changed its view on the subject.

On Sun, 2 Sep 2007, Doug Hardie wrote:

>
> entry. The cf file patches to do the blocking are at least one version,
> if not more, old. I have no idea if they would work properly on the
> current version or not. However, I have noticed that there is no mc
> file option to do that blocking so I suspect that the community has not

HUH ?
How about you read the release notes for oh, lets say 8.14.0
its only about 9 months old now.

--

Cheers
Res

Doug Hardie <bc979@lafn.org> writes:

> There was some discussion several years ago about issues with blocking
> mail from MTAs whose IP address does not resolve via DNS. At that time
> it was considered a bad idea to do that. However, with the volume of
> spam continuing to grow, has there been any real change in that
> opinion?
> I receive a lot of spam from IP addresses for which there is not DNS
> entry. The cf file patches to do the blocking are at least one version,
> if not more, old. I have no idea if they would work properly on the
> current version or not. However, I have noticed that there is no mc
> file option to do that blocking so I suspect that the community has not
> really changed its view on the subject.

See FEATURE(`require_rdns')

<quote src="RELEASE_NOTES">
8.14.0/8.14.0 2007/01/31
[...]
CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP
clients whose IP address does not have proper reverse DNS.
Contributed by Neil Rickert of Northern Illinois University
and John Beck of Sun Microsystems.
</quote>

AFAIR It available as HACK at Neil's web site for older sendmail versions.

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Saints should always be judged guilty until they are proven innocent.
-- George Orwell

In article <Pine.LNX.4.64.0709021944050.2139@ebfjryy.nhfvpf.a rg>,
Res <res@ausics.net> wrote:

> On Sun, 2 Sep 2007, Doug Hardie wrote:
>
> >
> > entry. The cf file patches to do the blocking are at least one version,
> > if not more, old. I have no idea if they would work properly on the
> > current version or not. However, I have noticed that there is no mc
> > file option to do that blocking so I suspect that the community has not
>
> HUH ?
> How about you read the release notes for oh, lets say 8.14.0
> its only about 9 months old now.

Interesting. I never expected that FreeBSD has not updated to 8.14. I
just discovered its still at 8.13. No wonder I didn't find it.
However, given that the ability is there, is it still considered not a
good idea?

Doug Hardie wrote:
> Interesting. I never expected that FreeBSD has not updated to 8.14. I
> just discovered its still at 8.13. No wonder I didn't find it.

8.14.1 is in the ports.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

On 9/2/2007 4:28 AM, Doug Hardie wrote:
> There was some discussion several years ago about issues with
> blocking mail from MTAs whose IP address does not resolve via DNS.
> At that time it was considered a bad idea to do that. However, with
> the volume of spam continuing to grow, has there been any real change
> in that opinion? I receive a lot of spam from IP addresses for which
> there is not DNS entry. The cf file patches to do the blocking are
> at least one version, if not more, old. I have no idea if they would
> work properly on the current version or not. However, I have noticed
> that there is no mc file option to do that blocking so I suspect that
> the community has not really changed its view on the subject.

As other posters have pointed out there is now an option built in to
8.14 to accomplish this.

As to whether or not this is a good idea, in short there is still a lot
of collateral damage for turning this filter on. There are a lot of
sites that for what ever reason, do not have reverse DNS set up for
their IP address range.

In short, there are a lot of other ways to reduce the amount of spam you
get with out as much collateral damage as this option.

Granted I agree with you that it should be safe to require reverse DNS.
I suppose that as long as you have a good white listing solution in
place, and you are willing to deal with support issues for issues then
go for it.

I would be willing to require reverse DNS on my personal server but not
on my company server yet.



Grant. . . .

On Sun, 2 Sep 2007, Doug Hardie wrote:

>
> In article <Pine.LNX.4.64.0709021944050.2139@ebfjryy.nhfvpf.a rg>,
> Res <res@ausics.net> wrote:
>
>> On Sun, 2 Sep 2007, Doug Hardie wrote:
>>
>>>
>>> entry. The cf file patches to do the blocking are at least one version,
>>> if not more, old. I have no idea if they would work properly on the
>>> current version or not. However, I have noticed that there is no mc
>>> file option to do that blocking so I suspect that the community has not
>>
>> HUH ?
>> How about you read the release notes for oh, lets say 8.14.0
>> its only about 9 months old now.
>
> Interesting. I never expected that FreeBSD has not updated to 8.14. I
> just discovered its still at 8.13. No wonder I didn't find it.
> However, given that the ability is there, is it still considered not a
> good idea?

It's used on many major networks now days in many countries, I understand
even AOL has enforced it now for over 2 years, most of us were using the
'hack' that has bene freely available for many years, the sendmail FEATURE
is essentially, that hack.



--

Cheers
Res

On Sun, 2 Sep 2007, Doug Hardie wrote:

>
> In article <Pine.LNX.4.64.0709021944050.2139@ebfjryy.nhfvpf.a rg>,
> Res <res@ausics.net> wrote:
>
>> On Sun, 2 Sep 2007, Doug Hardie wrote:
>>
>>>
>>> entry. The cf file patches to do the blocking are at least one version,
>>> if not more, old. I have no idea if they would work properly on the
>>> current version or not. However, I have noticed that there is no mc
>>> file option to do that blocking so I suspect that the community has not
>>
>> HUH ?
>> How about you read the release notes for oh, lets say 8.14.0
>> its only about 9 months old now.
>
> Interesting. I never expected that FreeBSD has not updated to 8.14. I
> just discovered its still at 8.13. No wonder I didn't find it.
> However, given that the ability is there, is it still considered not a
> good idea?

It's used on many major networks now days in many countries, I understand
even AOL has enforced it now for over 2 years, most of us were using the
'hack' that has bene freely available for many years, the sendmail FEATURE
is essentially, that hack.



--

Cheers
Res