Noel, pf: Thanks for your suggestions and comments. I also had the same questions and its good to see that others used reject_unknown_reverse_client_hostname without too many false-positives.
Now I will enable it on my production server. Regards, -- Klaus Engelmann CCNA CCDA - CSCO10971632 LPIC-2 - LPI000138061 On Thu, Aug 19, 2010 at 4:37 PM, Noel Jones <njo...@megan.vbhcs.org> wrote: > On 8/19/2010 2:15 PM, p...@alt-ctrl-del.org wrote: >>> >>> From: D G Teed Subject: How common is reverse DNS checking? >> >>> Out of all of the things we do to restrict spam, >> >> the only one with a steady trickle of false positives is >> the host lookup not passing reverse DNS check. >>> >> >> reject_unknown_client_hostname = gives problems >> reject_unknown_reverse_client_hostname = 0 complaints here >> > > > Same here. reject_unknown_client_hostname is too strict, but > reject_unknown_reverse_client_hostname rejects lots of obvious spambots > without resorting to an RBL lookup. The false-positive rate is close enough > to zero that I would not consider removing this restriction. > > -- Noel Jones >
