Adding "localhost" to your rDNS blacklist should work exactly as you expect --
*any* connection that resolves to "localhost" will be blocked. To allow
connections from the real local host, you could either whitelist 127.0.0.1 or,
if you wanted other filters to remain active for local connections, use a
config-dir to remove "localhost" from the blacklist for 127.0.0.1.
Incidentally, are you using the reject-unresolvable-rdns filter? That filter
has a special exception for "localhost" to allow that name for 127.0.0.1 but
block it for all other IPs.
-- Sam Clippinger
On Aug 9, 2016, at 5:02 AM, Faris Raouf via spamdyke-users
> Dear all,
> We’re having problems with spam being allowed in from IPs with rDNS resolving
> to “localhost”.
> This gets past the reject-empty-rdns filter.
> Initially I thought these IPs has no rDNS – using dnsstuff, I get no result
> (normally meaning no rDNS). But using host or dig I see the IPs really do
> reverse resolve to localhost.
> Example log entry:
> spamdyke: ALLOWED from: sqozt...@vnnic.net.vn to:
> redac...@redacted.tld origin_ip: 188.8.131.52 origin_rdns: localhost auth:
> (unknown) encryption: (none) reason: 250_ok_1470423419_qp_24501
> Check rDNS:
> # host 184.108.40.206
> 220.127.116.11.in-addr.arpa domain name pointer localhost.
> # dig -x 18.104.22.168
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 22.214.171.124
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15578
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;126.96.36.199.in-addr.arpa. IN PTR
> ;; ANSWER SECTION:
> 188.8.131.52.in-addr.arpa. 21599 IN PTR localhost.
> ;; Query time: 325 msec
> ;; SERVER: 184.108.40.206#53(220.127.116.11)
> ;; WHEN: Tue Aug 9 10:41:58 2016
> ;; MSG SIZE rcvd: 69
> Is figure that it is not safe to add “localhost” in our rdns blacklist file.
> Wouldn’t our real, local, localhost 127.0.0.1 potentially get blacklisted?
> Any suggestions as to what to do about this would be much appreciated!
> Errmm.. in the back of my head there is a dim bell ringing about this issue
> and so it might have been discussed before. Sorry if I’m asking something
> that’s already been covered at some point. Google hasn’t helped in this case.
> spamdyke-users mailing list
spamdyke-users mailing list