Hi All,
I'm having some spam get through because filtering that relies on reverse DNS is behaving in the following way:
First we have:
webserver:~# exim4 -bh 200.74.217.158
**** SMTP testing session as if from host 200.74.217.158
**** but without any ident (RFC 1413) callback.
**** This is not for real!
host in hosts_connection_nolog? no (option unset)
host in host_lookup? yes (matched "*")
looking up host name for 200.74.217.158
IP address lookup yielded mail.radarsystems.net
gethostbyname2 looked up these IP addresses:
name=radarsystems.net address=200.74.217.141
Okay, the forward and reverse DNS don't match, but the IP
address reverse-resolves to an address. So far so good.
processing "deny"
check hosts = *.pwrz.at : *.ampledns.com : *.radarsystems.net
sender host name required, to match against *.pwrz.at
host in "*.pwrz.at : *.ampledns.com : *.radarsystems.net"? no (failed to find host name for 200.74.217.158)
deny: condition test failed
Why isn't the earlier lookup used?
If it is because the forward and reverse DNS didn't match, isn't that
kind of dumb?
If there was a way to reject such hosts upfront, that would work.
What's a good way to write a deny rule like that?
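An added illustration, not part of the original post and not Exim's code: a small Python model of forward-confirmed reverse DNS using the two lookups shown in the debug output above (192.0.2.10, mx.example.org and 198.51.100.7 are constructed, and `decide` is a hypothetical policy). It shows why a wildcard host-name pattern cannot match when the PTR name does not resolve back to the connecting IP, and how a rule can treat that situation as a separate deny case.

```python
from fnmatch import fnmatchcase

# PTR and A data for 200.74.217.158 are copied from the debug output in the
# post; 192.0.2.10 / mx.example.org is a constructed host whose records agree.
PTR = {
    "200.74.217.158": ["mail.radarsystems.net"],
    "192.0.2.10": ["mx.example.org"],
}
A = {
    "mail.radarsystems.net": ["200.74.217.141"],
    "mx.example.org": ["192.0.2.10"],
}
DENY_PATTERNS = ["*.pwrz.at", "*.ampledns.com", "*.radarsystems.net"]


def verified_names(ip, ptr=PTR, a=A):
    """Keep only PTR names whose forward lookup returns the connecting IP."""
    return [n.lower() for n in ptr.get(ip, []) if ip in a.get(n, [])]


def name_pattern_matches(ip, patterns=DENY_PATTERNS):
    """Wildcard check that, like the session above, sees verified names only."""
    return any(fnmatchcase(n, p) for n in verified_names(ip) for p in patterns)


def decide(ip, patterns=DENY_PATTERNS):
    """Hypothetical policy: treat a missing verified name as its own deny case."""
    if not PTR.get(ip):
        return "deny: no PTR record"
    if not verified_names(ip):
        return "deny: PTR name does not resolve back to the IP"
    if name_pattern_matches(ip, patterns):
        return "deny: host name is on the pattern list"
    return "accept"


if __name__ == "__main__":
    for ip in ("200.74.217.158", "192.0.2.10", "198.51.100.7"):
        print(ip, verified_names(ip), "->", decide(ip))
```

In Exim itself, the ACL condition `verify = reverse_host_lookup` tests the same agreement between the reverse and forward lookups.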