Having been subjected to weeks of non-stop dictionary attacks, I've now been working on something of a solution by scanning the IMail log file for rejections and attempting to determine which IPs are nailing us. Part of this is doing some DNS lookups, if the overhead isn't too terrible. I know right off the bat that I won't accept inbound connections from any server without a reverse entry, but was wondering whether it is safe to block hosts that do not have MX records?
Just so you are aware, there are still some legitimate mailservers out there with no reverse DNS entry. A lot less than a year or so ago, but they are there.
As for MX records, are you looking at the HELO, MAIL FROM, or something else? HELO may have an A record instead of an MX record, so you would need to check both. MAIL FROM is the same (since it is technically OK to have an A record in lieu of an MX record).
[EMAIL PROTECTED]
FYI. :)
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
