> From: W B Hacker > Has anyone here yet caught a Zombie that had a 'proper' PTR RR, > let alone passed reverse_host_lookup?
Yes. A zombie behind NAT which doesn't block port 25. Common for small ISP and small businesses in Europe which can get only very small blocks of IPv4 addresses. Many of such small organizations use only one external IP-address. Often it has a non-generic PTR. And even most medium-to-large ISP have much less IP-addresses than clients, so have to use NAT, and not every one uses hostnames like host-77-41-56-246.qwerty.ru. For example, one of largest ISP in my city (population 2.7 million) uses hostnames like made.brander.volia.net or emblazoned.cover.volia.net (two random words). Each such hostname is a NAT with hundreds cable-connected win-lusers behind it, port 25 not blocked. BTW, if a win-zombie is behind a NAT in a DSL-modem (with embedded Linux inside), what p0f shows? -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
