Personally, we've looked into it. We tend to agree that AOL's position is somewhat aggressive since their techs are usually behind the times and don't support their own new technologies well. But, political opinions aside, we were leery about implementing it because, frankly, we were afraid of the possible negative impact. So, we have relied on MimeDefang to do this check for us.

However, as time has worn on (and the amount of SPAM has blossomed), we have started testing this hack on our in-house testing server. Hearing of your experiences does make me feel a bit better regarding the patch, too. Do you have any stats on how many connections this has prevented?

I'd personally be interested in seeing your modified version of the hack (your hacked hack :) ) just to see and understand the differences.

-Rich

Hello all, this is a bit off topic but relevant.

We finally decided it was probably time to implement AOL style reverse DNS
checks into our MTA. Since AOL has been doing it now for something like 6
months it is a pretty fair bet that most US customers that are legit have
corrected their DNS issues... or so we thought!

Why reinvent the wheel... we implemented a slightly modified version of this
sendmail m4 HACK here: http://www.cs.niu.edu/~rickert/cf/hack/require_rdns.m4

Which basically does this:

1. Check relay for rDNS then check the response (gethostbyaddr check)
2. If there is no PTR record, FAIL
3. If you cannot find DNS record for it at all, maybe DNS is down, TEMPFAIL
4. If there is rDNS (PTR) but it appears forged (different than forward or result doesn't resolve), TEMPFAIL



_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
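The four checks listed in the quoted post, sketched in Python as an added example; this is not the require_rdns.m4 hack, the poster's modified version, or MIMEDefang code. The exception names, the fake resolvers and the sample records are constructed for illustration, and the `h_errno` values assume a Unix resolver.

```python
import ipaddress
import socket

class NoRecord(Exception): pass        # resolver answered: no such record
class LookupTempFail(Exception): pass  # no usable answer (timeout, SERVFAIL)

def system_reverse(ip):
    """PTR lookup (step 1). Unix h_errno 1 and 4 mean no PTR record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except socket.herror as e:
        if e.args[0] in (1, 4):   # HOST_NOT_FOUND, NO_DATA
            raise NoRecord(ip) from e
        raise LookupTempFail(ip) from e

def system_forward(name):  # raises socket.gaierror if the name does not resolve
    return {info[4][0].split("%")[0] for info in socket.getaddrinfo(name, None)}

def rdns_verdict(ip, reverse=system_reverse, forward=system_forward):
    """Return 'OK', 'FAIL' or 'TEMPFAIL' for a connecting relay address."""
    try:
        ptr_name = reverse(ip)
    except NoRecord:
        return "FAIL"          # step 2: no PTR record
    except LookupTempFail:
        return "TEMPFAIL"      # step 3: DNS may be down
    try:
        addrs = {ipaddress.ip_address(a) for a in forward(ptr_name)}
    except (NoRecord, LookupTempFail, OSError, ValueError):
        return "TEMPFAIL"      # step 4: PTR name does not resolve
    if ipaddress.ip_address(ip) not in addrs:
        return "TEMPFAIL"      # step 4: forward differs, PTR may be forged
    return "OK"

# Constructed sample records (documentation address ranges); runs offline.
PTR = {"192.0.2.10": "mail.example.org", "192.0.2.20": "mx.example.net",
       "192.0.2.30": "gone.example.com"}
A = {"mail.example.org": {"192.0.2.10"}, "mx.example.net": {"198.51.100.7"}}

def fake_reverse(ip):
    if ip == "192.0.2.99":
        raise LookupTempFail(ip)   # simulated resolver outage
    if ip not in PTR:
        raise NoRecord(ip)
    return PTR[ip]

def fake_forward(name):
    if name not in A:
        raise NoRecord(name)
    return A[name]
```

Calling `rdns_verdict(ip)` with the default arguments uses the system resolver; passing the fake resolvers exercises each branch without network access.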
