On Tuesday 20 February 2007 17:52, Michael Holzt wrote:
> > Aiming for a quiet life Michael. It's my own server and I don't
> > particularly mind if I break any rules discouraging scammers
> > and hackers.
>
> I'm sick of people like you breaking SMTP. I have operated mail servers
> for 12 years and I've been on the "wrong side" of mail filtering
> more than once without me doing anything wrong. I've seen mail returned
> for rDNS failure (when the DNS was working) and for other obscure
> reasons.

At work we used to 4xx mail delivered from MTAs with unresolvable rDNS, 
expecting them to fix it and retry, but as you say it would often 
mis-fire.  Even with our help, most of our smaller customers have a lot of 
trouble getting their service provider to get their rDNS right, so we 
don't do it any more.

It's not appropriate if you're providing mail service to someone who cares 
about mail loss, and it's not appropriate when domains may have SPF, DKIM 
signing of the headers or other way of assuring that this mail is not a 
forgery (though it still may or may not be spam).  SpamAssassin gives "no 
rDNS" a nice boost on the spam score anyway.

What we do do, though, is 4xx if MAIL FROM is unresolvable - that gets rid 
of all the spam/phish forgeries from invented or expired domains.  I'll 
have to check how much but it's significant.

I host no mailing lists so I do 4xx for "no rDNS" at home, with a few 
exceptions for known faulty sites, just to reduce the load on my poor 
little hosted virtual server.  I intend to take this off when I'm sure 
DKIM is working and when fewer sites publish ~all in SPF (thanks to the 
many here putting effort into 0.33, may I say).  But at the moment, if 
it's a case of 4xx-ing mail or spending money I can't afford out of my own 
pocket for extra RAM/disk/cpu then there's no contest really.  I even 
rejected my boss's mail when he messed up the company DNS, heheh :-)

I'm not sure which part of RFC 2821 you're referring to when you talk 
about "breaking SMTP" in the context of rDNS checking.  But let's say 
(theoretically speaking of course) the OP rejects my mail.  It's purely 
his loss, and his responsibility if he ends up in RFCI or other blacklists 
for breaking SMTP.  Not that I send from an unresolvable host, but a 
mess-up in any of the resolver hops between his DNS and mine could cause 
it.

Nick
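
The two policies Nick describes (4xx a connecting MTA with no rDNS, with exceptions for known-faulty sites, and 4xx when the MAIL FROM domain does not resolve) as an added example; this is not code from the thread or from any particular MTA. It uses an injectable fake resolver with constructed DNS tables so it runs offline, and it separates "no record" from "lookup failed" because, as Nick notes, a broken resolver hop must not turn into a permanent reject. The host names, IPs and the `FakeResolver` class are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed DNS data for this example (not real hosts): PTR records keyed by
# IP, MX lists keyed by domain, A records keyed by host name.
PTR_TABLE: Dict[str, str] = {
    "192.0.2.10": "mail.example.net",
    "192.0.2.20": "relay.example.org",
}
MX_TABLE: Dict[str, List[str]] = {
    "example.net": ["mail.example.net"],
    "example.org": ["mx.example.org"],
}
A_TABLE: Dict[str, str] = {
    "mail.example.net": "192.0.2.10",
    "mx.example.org": "192.0.2.30",
    "relay.example.org": "192.0.2.20",
    "bare-a.example": "192.0.2.40",
}


class DnsTempFail(Exception):
    """SERVFAIL/timeout: the answer is unknown, which is not the same as 'no record'."""


class FakeResolver:
    """Stand-in for a real DNS client (assumption); 'broken' names/IPs simulate a failing hop."""

    def __init__(self, broken: Iterable[str] = ()):
        self.broken = set(broken)

    def ptr(self, ip: str) -> Optional[str]:
        if ip in self.broken:
            raise DnsTempFail(ip)
        return PTR_TABLE.get(ip)

    def domain_resolves(self, domain: str) -> bool:
        if domain in self.broken:
            raise DnsTempFail(domain)
        # Per RFC 5321 a domain with no MX falls back to its A record.
        return domain in MX_TABLE or domain in A_TABLE


@dataclass
class Verdict:
    code: int   # SMTP reply code: 250 accept, 450 temporary reject, 501 syntax error
    text: str


def check_rdns(ip: str, resolver: FakeResolver, exceptions: Iterable[str] = ()) -> Verdict:
    """4xx a connecting MTA with no PTR record, unless it is on the known-faulty list."""
    addr = ipaddress.ip_address(ip)
    for net in exceptions:
        if addr in ipaddress.ip_network(net, strict=False):
            return Verdict(250, "rDNS check skipped for listed site")
    try:
        name = resolver.ptr(ip)
    except DnsTempFail:
        # Unknown, not absent: still 4xx so a well-behaved sender retries later.
        return Verdict(450, "Temporary DNS failure looking up %s, try again later" % ip)
    if name is None:
        return Verdict(450, "Client host %s has no reverse DNS, try again later" % ip)
    return Verdict(250, "Client host is %s" % name)


def sender_domain(mail_from: str) -> Optional[str]:
    """Extract the domain from a MAIL FROM argument; None for the null sender <>."""
    path = mail_from.strip()
    if path.startswith("<") and path.endswith(">"):
        path = path[1:-1]
    if path == "":
        return None
    if "@" not in path:
        raise ValueError("malformed reverse-path: %r" % mail_from)
    return path.rsplit("@", 1)[1].lower()


def check_mail_from(mail_from: str, resolver: FakeResolver) -> Verdict:
    """4xx if the envelope sender's domain has neither MX nor A; bounces (<>) must pass."""
    try:
        domain = sender_domain(mail_from)
    except ValueError:
        return Verdict(501, "Syntax error in MAIL FROM")
    if domain is None:
        return Verdict(250, "Null sender accepted")
    try:
        ok = resolver.domain_resolves(domain)
    except DnsTempFail:
        return Verdict(450, "Temporary DNS failure for sender domain %s" % domain)
    if not ok:
        return Verdict(450, "Sender domain %s does not resolve, try again later" % domain)
    return Verdict(250, "Sender OK")


if __name__ == "__main__":
    r = FakeResolver(broken=["198.51.100.5", "flaky.example"])
    for ip in ("192.0.2.10", "192.0.2.99", "198.51.100.5"):
        print(ip, check_rdns(ip, r, exceptions=["192.0.2.64/26"]))
    for mf in ("<>", "<alice@example.net>", "<scam@invented.example>", "<x@flaky.example>"):
        print(mf, check_mail_from(mf, r))
```

Both checks deliberately never return a 5xx for a DNS problem: a temporary reject costs a legitimate sender a delay, whereas a permanent one loses the mail, which is the trade-off the thread is about. The exception list takes CIDR ranges so a whole provider with broken PTRs can be excused at once.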
