Dear all,


We're having problems with spam being allowed in from IPs with rDNS
resolving to "localhost".

This gets past the reject-empty-rdns filter.


Initially I thought these IPs has no rDNS - using dnsstuff, I get no result
(normally meaning no rDNS). But using host or dig I see the IPs really do
reverse resolve to localhost.



Example log entry:


spamdyke[24468]: ALLOWED from: to:
redac...@redacted.tld origin_ip: origin_rdns: localhost
auth: (unknown) encryption: (none) reason: 250_ok_1470423419_qp_24501




Check rDNS:


# host domain name pointer localhost.



# dig -x


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15578

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0



;  IN      PTR


;; ANSWER SECTION: 21599 IN  PTR     localhost.


;; Query time: 325 msec


;; WHEN: Tue Aug  9 10:41:58 2016

;; MSG SIZE  rcvd: 69





Is figure that it is not safe to add "localhost" in our rdns blacklist file.
Wouldn't our real, local, localhost potentially get blacklisted? 


Any suggestions as to what to do about this would be much appreciated!


Errmm.. in the back of my head there is a dim bell ringing about this issue
and so it might have been discussed before. Sorry if I'm asking something
that's already been covered at some point. Google hasn't helped in this



spamdyke-users mailing list

Reply via email to