On 2003.08.26, Jerry Asher <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED]>:
> Connected to 152.163.216.7 but sender was rejected.
> Remote host said: 450 4.7.1 Access temporarily denied. IP name lookup failed
> [192.25.138.230]

$ host 192.25.138.230
Host 230.138.25.192.in-addr.arpa not found: 3(NXDOMAIN)

Yeah, there's no reverse DNS for the IP address 192.25.138.230. Is that your IP address?

> I've long posted to this list (as I am sure many of you regret), and my
> mailserver has never had the reverse dns pointing to theashergroup. It
> hasn't been a problem in the past. Is this a reverse dns check or something
> else?

Yeah. AOL along with other ISPs are implementing measures to try and reduce spam. Looking for a valid reverse DNS must be one of them. If your ISP doesn't do reverse DNS for the IPs it assigns out, complain to your ISP and whack 'em with the cluebat.

> > In fact there are four address-filtering rules your router should use:
> > - Drop a packet from the WAN with a LAN source address
> > - Drop a packet from the WAN without a LAN destination address
> > - Drop a packet from the LAN without a LAN source address
> > - Drop a packet from the LAN with a LAN destination address
>
> In fact, a day or two ago, I sent an email to various authors of Blaster
> articles saying that the DSL and Cable companies should do exactly this on
> their routers (and other things they could do) for basic consumer
> accounts.

Yes, basic ingress and egress filtering ought to be done at every handoff point, but the fact is most network engineers are [EMAIL PROTECTED] dumb as monkeys and they think "no, those four ACLs will severely hamper the performance of our networking hardware! We must squeeze every last megabit per second of bandwidth out of our OC-48!"

THE REALITY: actually, most carriers can't do this kind of filtering because they transport traffic for /other/ networks with all sorts of peering topologies. So, there's no "easy" way of doing this kind of basic ingress/egress filtering except at the end-user level where you only have one, maybe two peers.
However, the problem isn't entirely insolvable but it's easier to just let things ride and periodically wreak havoc than to do any deep thinking about the problem and solve it. It's that same dumb mentality that led us into that "Year 2000" thing we dealt with three years ago. How soon people forget ...

-- Dossy

--
Dossy Shiobara                       mail: [EMAIL PROTECTED]
Panoptic Computer Network             web: http://www.panoptic.com/
  "He realized the fastest way to change is to laugh at your own
    folly -- then you can let go and quickly move on." (p. 70)
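
The four address-filtering rules quoted in the thread, written out as an added sketch (not code from either poster) that classifies packets at an end-user router with one WAN and one LAN interface. The LAN prefix, the interface labels and the sample packets are constructed, and the sketch assumes a routed LAN prefix without NAT.

```python
import ipaddress

# Assumption: a routed (no NAT) LAN prefix; the value is constructed.
LAN = ipaddress.ip_network("192.168.1.0/24")

# The four drop rules, numbered in the order the thread lists them.
RULES = {
    1: "from the WAN with a LAN source address",
    2: "from the WAN without a LAN destination address",
    3: "from the LAN without a LAN source address",
    4: "from the LAN with a LAN destination address",
}

def matched_rule(iface, src, dst, lan=LAN):
    """Return the number of the drop rule a packet matches, or None to forward.

    iface is the interface the packet arrived on: "wan" or "lan".
    An IPv6 address is never inside this IPv4 prefix, so it counts as non-LAN.
    """
    src_in_lan = ipaddress.ip_address(src) in lan
    dst_in_lan = ipaddress.ip_address(dst) in lan
    if iface == "wan":
        if src_in_lan:
            return 1          # ingress: outside host claiming an inside address
        if not dst_in_lan:
            return 2          # ingress: not addressed to this network
    elif iface == "lan":
        if not src_in_lan:
            return 3          # egress: inside host using a forged source
        if dst_in_lan:
            return 4          # egress: local traffic that should never be routed
    else:
        raise ValueError(f"unknown interface: {iface!r}")
    return None

# Constructed sample packets: (arrival interface, source, destination).
SAMPLE = [
    ("wan", "203.0.113.9", "192.168.1.20"),   # legitimate inbound
    ("wan", "192.168.1.50", "192.168.1.20"),  # spoofed LAN source from outside
    ("wan", "203.0.113.9", "198.51.100.7"),   # transit traffic, not for this LAN
    ("lan", "192.168.1.20", "203.0.113.9"),   # legitimate outbound
    ("lan", "10.9.8.7", "203.0.113.9"),       # forged source leaving the LAN
    ("lan", "192.168.1.20", "192.168.1.30"),  # LAN-to-LAN reaching the router
]

def audit(packets):
    """Pair each packet with the rule it matched (None means forward)."""
    return [(p, matched_rule(*p)) for p in packets]

if __name__ == "__main__":
    for (iface, src, dst), rule in audit(SAMPLE):
        verdict = f"DROP, {RULES[rule]}" if rule else "FORWARD"
        print(f"{iface:3} {src:>15} -> {dst:<15} {verdict}")
```

Rule 2 is the one that breaks on a transit network, where most forwarded packets are legitimately addressed to someone else's prefix, which is why the reply places this filtering at the end-user edge.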
