On 11/11/21 10:28 AM, Bill Cole wrote:
> On 2021-11-11 at 06:06:45 UTC-0500 (Thu, 11 Nov 2021 12:06:45 +0100)
> Togan Muftuoglu <tog...@dinamizm.com>
> is rumored to have said:
> 
>> Hi,
>>
>> How can I reject connections from generic Forward Confirmed Reverse DNS
>> (FCrDNS) like “123-45-67-8.your.isp.com”?
>>
>>
>> For the most cases spamhaus is able to block it but with the cloud providers
>> with FCrDNS as follows not all of them are not blocked.
>>
>> 123-45-67-89.ip.linodeusercontent.com
>>
>> ec2-12-34-56-789.us-west-2.compute.amazonaws.com
>>
>>
>> How can I reject these connections?
> 
> The canonical answer is "check_client_access with a pcre table" but if 
> you want something comprehensive that you don't need to actively manage 
> yourself you should consider the "Enemies List" service: 
> http://enemieslist.com. They use a rich set of non-obvious name patterns 
> and important exceptions. You likely do NOT want to arbitrarily reject 
> all mail from all hosts with programmatically IP-derived names, unless 
> you are intending to engage in a secondary boycott of major mail service 
> providers' (e.g. Microsoft) customers.
> 
> (and no, I'm not affiliated with them in any way.)

Do all of the major mail service providers have valid DMARC?  If so,
one approach would be to reject (or, more likely, quarantine) mail from
such hosts *unless* DMARC matches.  That would require an external tool,
though.

Sincerely,
Demi Marie Obenour (she/her/hers)
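
The two ideas in this thread combined, as an added example that is not part of the original messages: flag a client whose FCrDNS name embeds its own IPv4 address, honour an exception list, and quarantine only when DMARC did not pass. The function names, the exception suffix and the sample hosts in the comments are constructed; the DMARC result is assumed to come from an external tool.

```python
import ipaddress
import re

# Hypothetical exception list: relays with IP-derived names that still
# carry legitimate mail (placeholder value, not a real provider).
EXEMPT_SUFFIXES = (".outbound.mailprovider.example",)

def ip_tokens(ip):
    """Spellings of an IPv4 address commonly embedded in generic rDNS names."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    tokens = set()
    for parts in (octets, octets[::-1]):            # forward and reversed order
        for sep in ("-", ".", "_"):
            tokens.add(sep.join(parts))             # e.g. 123-45-67-89
        tokens.add("".join(p.zfill(3) for p in parts))  # e.g. 123045067089
    return tokens

def is_ip_derived(client_ip, hostname):
    """True when the hostname embeds the connecting client's own address."""
    try:
        tokens = ip_tokens(client_ip)
    except ipaddress.AddressValueError:
        return False                                # IPv6 is not handled here
    host = hostname.lower().rstrip(".")
    # Digit boundaries stop 1-2-3-4 from matching inside 11-2-3-45.
    return any(re.search(r"(?<!\d)" + re.escape(t) + r"(?!\d)", host)
               for t in tokens)

def decide(client_ip, fcrdns_name, dmarc_pass):
    """Return 'accept' or 'quarantine' for one connection."""
    if not is_ip_derived(client_ip, fcrdns_name):
        return "accept"                             # ordinary, non-generic name
    if fcrdns_name.lower().rstrip(".").endswith(EXEMPT_SUFFIXES):
        return "accept"                             # listed exception
    # Generic name: let it through only when DMARC aligned and passed.
    return "accept" if dmarc_pass else "quarantine"

if __name__ == "__main__":
    # Constructed sample connections: (client IP, FCrDNS name, DMARC passed)
    for sample in [("123.45.67.89", "123-45-67-89.ip.linodeusercontent.com", False),
                   ("12.34.56.78", "ec2-12-34-56-78.us-west-2.compute.amazonaws.com", True),
                   ("203.0.113.7", "mail.example.org", False)]:
        print(sample, "->", decide(*sample))
```

Matching on the client's own address, rather than on any digit run, keeps a host such as mx1.example.org from being treated as generic.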
