----- Original Message -----
From: "Lucas Albers" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, January 13, 2004 12:43 PM
Subject: Re: [Mimedefang] rejecting on helo,drive-by-relay,forged_sender,

> Chris Myers said:
> >
> > Some ISP's don't bother to set up reverse DNS for their customers so
> > $RelayHost will never match $helo... Sad but true.
>
> You would expect them to use mx hosts with at least reverse dns.
> If AOL accepts only with reverse DNS.
> Couldn't you argue the generally accepted standard is to reject relays
> without reverse DNS?

The ISP owns the IP addresses, so if they are too lazy to set up reverse DNS the customer has limited recourse. And most customers are not technical enough to even know that they need to ask for it. Keep in mind that the Internet functions just fine without reverse DNS until the receiving party (us) decides to do some form of validation ... most don't even today, and virtually none did even a few years ago -- and those that did were called some form of "network police" in polite conversation.

The customer, on the other hand, owns and operates the MX server. They set it up in a virtual absence of knowledge about DNS other than "my resolver IP address is A.B.C.D". Most people out there are what I call "designated experts", not real experts. I just went through fixing reverse DNS for a customer in the last couple of weeks. They weren't able to send e-mail to AOL and had NO IDEA why that would be the case.

My real point is basically that using the results of a HELO test for "broken" conditions as an on/off switch is going to cause more breakage. Your users eventually WILL need to talk to someone who doesn't have working reverse DNS for some reason. If you want to perform these tests, consider saving the results and make an adjustment to the SpamAssassin score rather than saying "You don't have the optional PTR records for your IP address, we refuse to accept mail from you."

The wonderful thing about the SpamAssassin scoring system is that none of us had mailers that refused all e-mail from the Internet when a certain DNSBL went offline by listing the entire Internet as a spam source.
Sites that used the DNSBL's directly in sendmail as an on/off switch lost all their mail for a day or two!

Chris
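
The trade-off described in the message above, as an added example that is not part of the original post or of MIMEDefang: a small Python model comparing an on/off reject policy with a score adjustment, first with a working DNSBL and then with one that lists every address. The point values, threshold, sample messages and all function names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Assumed point values and threshold, chosen for illustration only.
POINTS = {"no_ptr": 1.0, "helo_mismatch": 0.5, "dnsbl_listed": 2.0}
THRESHOLD = 5.0

@dataclass
class Message:
    relay_ip: str
    ptr: Optional[str]    # reverse DNS name; None when no PTR record exists
    helo: str
    content_score: float  # score from content rules alone

def failed_checks(msg: Message, dnsbl: Callable[[str], bool]) -> List[str]:
    """Names of the relay tests this message fails."""
    failed = []
    if msg.ptr is None:
        failed.append("no_ptr")
    elif msg.ptr.rstrip(".").lower() != msg.helo.rstrip(".").lower():
        failed.append("helo_mismatch")
    if dnsbl(msg.relay_ip):
        failed.append("dnsbl_listed")
    return failed

def hard_reject(msg: Message, dnsbl: Callable[[str], bool]) -> str:
    """On/off switch: any failed relay test refuses the mail."""
    return "reject" if failed_checks(msg, dnsbl) else "accept"

def scored(msg: Message, dnsbl: Callable[[str], bool]) -> str:
    """Failed tests only add points on top of the content score."""
    total = msg.content_score + sum(POINTS[c] for c in failed_checks(msg, dnsbl))
    return "tag-as-spam" if total >= THRESHOLD else "accept"

def compare(msgs: List[Message], dnsbl: Callable[[str], bool]) -> List[Tuple[str, str]]:
    """(hard_reject verdict, scored verdict) for each message."""
    return [(hard_reject(m, dnsbl), scored(m, dnsbl)) for m in msgs]

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Message("192.0.2.10", None, "mail.customer.example", 0.3),       # legitimate, ISP set no PTR
    Message("198.51.100.7", "mail.example.org", "mail.example.org", 0.1),  # legitimate, PTR matches HELO
    Message("203.0.113.66", None, "friend", 4.5),                    # spam, no PTR, really listed
]
dnsbl_normal = lambda ip: ip == "203.0.113.66"
dnsbl_lists_everything = lambda ip: True   # the failure mode from the message

if __name__ == "__main__":
    print(compare(SAMPLE, dnsbl_normal))
    print(compare(SAMPLE, dnsbl_lists_everything))
```
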

