On October 20, 2009, [email protected] wrote:
> Getting back to this issue: I don't see any problem with prejudice against
> poorly constructed network infrastructures that can't bother to adhere to
> the SMTP standard (RFC1912 section 2.1). This is something that any
> network admin who should legitimately be managing a mail server should be
> able to fix with a single phone call (please correct me if this sentence
> is prejudiced in any way).
>
> The SMTP standard requires a server's rDNS must match the server's reported
> name (thus the IP must have rDNS), and most allocated IPs have them anyway
> (even if they're wrong or ~dynamic, e.g. RDNS_DYNAMIC). There is also a
> growing number of deployments that block improper FCrDNS at the door
> (RDNS_NONE is a subset of failing FCrDNS).
>
MagicMail Servers have been blocking all email at the connection level that do not have rDNS now for the past couple of years, except when SMTP AUTH is presented, and we haven't had an F/P reported in over a year.

However, this SHOULD be the MTA responsibility, and not the filtering system. Of course there are some MTA's still out there where this may help, but it is better to reject those during SMTP phase, so that the clueless admin can get reverse DNS up as soon as possible..

HOWEVER.. Please note, you have to watch this.. we have seen too many times where temporary DNS failures resulted in email blockages, and you don't want to be dropping those messages on the floor when that happens.. Better to reject them, or at least send back temporary deferrals...

Another point, is that the SMTP 'standard' is not yet a standard.. In the real world, just be happy they have any sort of reverse DNS.. We are trying to adopt a standard where at least the reverse DNS resolves to a domain owned by the email operator, (and not his upstream providers generic addressing scheme) and we still get some push back on that.. to get the average MS Exchange operator to set up the servers' reported name.. how many times do we see HELO localhost.localnet still :)

And there are many operators who have reasons NOT to do this.. (Email Clusters, Server with Internal Naming Conventions et al)

It would be nice to see SA having to do less of the 'Best Practices' stuff.. leave that to MTA's..

Just thought I would put my two bits in.... SA 'could' go farther with 'prejudiced' rules, but if they are sufficiently prejudiced, should they not be absolutes, instead of scores?

PS, since I am posting.. Warren, have you done any 'testing' with the SPAM-RATS RBL's against the corpus? would be interested in numbers.. even with the variables of aged dating, and not checking SMTP Authed messages..

--
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors - President/CEO - LinuxMagic
Products, Services, Support and Development
Visit us at http://www.linuxmagic.com
------------------------------------------------------------------------
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" is a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-589-0037 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company.
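
The connection-level policy discussed in this message (exempt SMTP AUTH, reject on missing rDNS, defer rather than reject when DNS itself fails), sketched as an added example; it is not code from the original post or from MagicMail. The function names, the injected resolver callables, the optional `require_fcrdns` switch and all sample addresses are assumptions constructed for illustration.

```python
# Added example: rDNS policy at connect time; resolvers and data are constructed.

class TempDNSFailure(Exception):
    """SERVFAIL or timeout: the answer is unknown, not negative."""

def rdns_decision(ip, authenticated, ptr_lookup, addr_lookup, require_fcrdns=False):
    """Return (smtp_code, reason). Lookups return [] for a definitive
    "no record" and raise TempDNSFailure when no answer was obtained."""
    if authenticated:                      # SMTP AUTH clients are exempt
        return 250, "authenticated"
    try:
        names = ptr_lookup(ip)
    except TempDNSFailure:
        return 451, "rDNS lookup failed temporarily, try again later"
    if not names:
        return 550, "no reverse DNS for client IP"
    if not require_fcrdns:
        return 250, "rDNS present"
    unknown = False
    for name in names:
        try:
            if ip in addr_lookup(name):
                return 250, "FCrDNS confirmed"
        except TempDNSFailure:
            unknown = True                 # cannot rule this name out yet
    if unknown:
        return 451, "forward lookup failed temporarily, try again later"
    return 550, "reverse DNS does not forward-confirm"

# Constructed resolver data (documentation address ranges, example domains).
PTR = {"192.0.2.10": ["mail.example.org"], "192.0.2.20": ["host20.isp.example"],
       "198.51.100.7": []}
A = {"mail.example.org": ["192.0.2.10"], "host20.isp.example": ["192.0.2.99"]}

def fake_ptr(ip):
    if ip not in PTR:                      # simulate a resolver timeout
        raise TempDNSFailure(ip)
    return PTR[ip]

def fake_addr(name):
    if name not in A:
        raise TempDNSFailure(name)
    return A[name]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.7", "203.0.113.5"):
        print(ip, rdns_decision(ip, False, fake_ptr, fake_addr, require_fcrdns=True))
```

The 451 path is what keeps a resolver outage from turning into permanent bounces: the sending MTA queues and retries instead of treating the message as refused.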
