-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi,
Am Do den 28. Aug 2014 um 16:10 schrieb Always Learning: > My personal advice is: STOP being a willing victim to SPAM. > > There is no need for anyone to be a willing recipient of the junk mail > being targeted at your MTAs. Well, your points are really strict and maybe too strict for many people. However, the problem is that not all are really realizable. > 1. Reject everything which does NOT have a Host Name. > > 2. Reject everything which does NOT have a Reverse DNS (meaning the Host > IP has a Host Name and that Host Name resolves to the original Host IP > address) That would work in an optimal world. However, the world is not optimal and there are many servers out there that are miss configured relating to reverse DNS or DNS at all. Even senders that tell them self "professional". I even encountered some universities that are not able to configure a working DNS host name for their outgoing mail server (mostly using microsoft exchange). > 3. Reject everything that appears to come from a > non-professional/non-official host name, for example here are a few of > today's rejects (rejected by our servers in ACL Connection) You speak about using DUL lists. Well, they are very controversial. Just some completely valid senders: - - People, mostly IT professionals, that want to run there own mail server at home but are not able to get a proper reverse DNS entry, (i.e. as it is a dynamic address or as the service provider don't do that entries) This is especially valid in current days when you don't want your mails going through servers that you don't trust. - - Some valid senders might be a hostname that has a broken reverse DNS like the one below. > 4. Further checks can be done with the HELO/EHLO and then with the RCPT. Sure, but they will most likely match also to valid mail sender. I, for example, drop all that says *.domain. > If serious people want to send you and your colleagues real mail, then > those senders should properly configure their outgoing MTAs. They might not always able to do so. For examle if their legit sender is a university that don't care about proper setup. Regards Klaus - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <[email protected]> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQGcBAEBCgAGBQJT/1FWAAoJEKZ8CrGAGfasHd4MAKimeyXSHyoSH+BWLu8MrlHk eC3L83LYd/f0O/AHgBZmS1or4U5yBHEDE5HL0ozLjhNIRVrUhIygNG6Jmv4MyDsy iFmW035f6vNb5XQLtl6vepd6/6NqZSseqzDoQlpeG/SGLussSFcGjAUUkGXzzDIf 4HM7KUV24cMxpEOhZm7IZqkj8Ve7vh4Y3wadukoBdKPRw1JfXR1v3oil6gDBICLT KQd4pSobt0/xRPQDkoFkq2Q+NT+St6+ZZbVpY6wzKNnqBy27GR1wUPqIQ/a/AMfm SlBb0Llsf1UG31GEx6gP+MwAPkrqTHNaG7lBAiSmldKwfGa1DFENnW+Z6slmM8Np z0k7E5G+SMvQAzvvu+b/IT//avcGSf4Avty12hUdEaF62sMXPhIAHL7FmybDgOen EW+GPpXOkB1SUjgQgBUKomek8FPbhAf1jQulwtwm8jIZ4o2X8nxnCWZYvPeFcwAk qPQKNrc4277ELk7FmeRsCz3X7+zCtpEwYplhV1Tbag== =aFqH -----END PGP SIGNATURE----- -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
