On Tue, Sep 20, 2016 at 4:12 PM, Always Learning <e...@u67.u22.net> wrote:

> On Mon, 2016-09-19 at 11:29 -0400, Dave Lugo wrote:
> > Yes, you should have some way to override the missing rDNS check.  But
> > rejecting on missing rDNS is mostly safe, in my opinion and experience.
> Agreed. Only positive action will reduce spam. Meekly accepting spam
> just encourages more spam.

While semi-blindly rejecting ham, will mostly lead to irritation among your
users and those they communicate with.

Striking a balance is difficult, but most users will be happy if they feel
they have some degree of control.

I see some challenges with your suggested filtering rules:

> drop   condition  = ${lookup dnsdb{ptr=$sender_host_address} {0}{1} }
>        message    = [SNA03] Rejected. Sender's IP address has no Host
> name. \
>                     MESS3
>        delay      = 15s

This would appear to fail if _you_ have a DNS problem.

> drop   condition  = ${if and{{def:sender_host_address}{!
> def:sender_host_name}} \
>                        {yes}{no}}
>        message    = [SNA04] Sender's Host has No Reverse DNS. \
>                     Ask your technical experts to rectify the problem.

This would also appear to fail if _you_ have a DNS problem.

I would recommend deferring the decision until later in the two above cases.

> drop   condition  = ${if match{${lc:$sender_host_name}} \
>  {(broadband|client|customer|dsl|dyn|dynamic|home|host|static|user)(\\d|
> \\.|\\-|ip)} \

This would appear to eliminate several legitimate hosting providers which
are not home internet connections, as you don't check on word boundaries,
and even so, might match other legitimate services.

## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to