Hi, Bill, On Sat, 09 Apr 2011 12:39:47 +0000 in message number <[email protected]>, received here on 09/04/2011 15:38:28, W B Hacker <[email protected]> said:
> Bill Hayles wrote: > > Hi, fellow Bill, > > Greets.. > > ;-) > > *snip* > > >> will eventually show up.. see below in re rDNS. > > > > OK, not strictly Exim related, but one of my hobbyhorses. If you do > > that, you block a lot of legitimate servers (including mine!). > > Not so! I AM running Exim rDNS check, and did NOT block your direct OFF > tahini response. > > You(r server) passed the rDNS check for the IP from whence you > connected: craybox.com .....on 80.35.22.107. > > From *manual* inspection with 'host' and 'dig', one could argue that > you should NOT have passed... Interesting, and thanks for the test. It could be said that I should use the rDNS result as my primary_hostname, but I don't really want to do that. > .... but Exim's rDNS checking is very 'wise' w/r not rejecting unless it > has to.. Fair enough. You know much more about this than me. > >> Also, this approach does not catch spam mail from infected computers >> (of which I get plenty). > > Oh, but it DOES! Near-as-dammit 100% of it. I think you're teaching me something, and there's something I'm not understanding. Correct me if I'm wrong. I have a (now former) former mailing list subscriber. Let's call them [email protected]. For the last couple of weeks, this address has been sending me 20 or 30 spam messages per day from 65.54.190.140, which resolves to hotmail.com. I thought that the easiest way for me to deal with them is to reject them via a simple deny message. > > Wot becomes infected AND NOT noticed or corrected for *long* periods at > a time are predominantly the ordinary residential or SME user's > 'Win-desktop'. That's what I'm dealing with here. > > Those are *nearly always* on dynamic IP with no PTR RR, hence no way to > reverse that IP via a PTR RR to an A or MX record match. Agreed, but that isn't showing up in the Exim logs. The lines are similar to 2011-04-02 11:57:37 1Q6gXQ-0003pj-33 <= [email protected] H=(bay0-omc3-s2.bay0.hotmail.com) [65.54.190.140] P=esmtp S=6227 [email protected] > Those WILL fail Exim's rDNS check. As they should do. But the example above won't, unless I've misunderstood something. > > Easy enough to check. OK, I'll do it. I'll let you know the results. -- This is Spain. We do things differently here! Bill Hayles [email protected] -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
