Irony
Messages from this list have been bouncing since I started enforcing Reverse DNS lookups on my server. Danita
Re: Irony
On 01/02/2011 15:30, Danita Zanre wrote: Messages from this list have been bouncing since I started enforcing Reverse DNS lookups on my server. Danita Why??? Default Server: cache0201.ns.eu.uu.net Address: 193.79.237.39 hermes.apache.org Server: cache0201.ns.eu.uu.net Address: 193.79.237.39 Non-authoritative answer: Name:hermes.apache.org Address: 140.211.11.3 140.211.11.3 Server: cache0201.ns.eu.uu.net Address: 193.79.237.39 Name:hermes.apache.org Address: 140.211.11.3 -- Best Regards, Giles Coochey NetSecSpec Ltd NL T-Systems Mobile: +31 681 265 086 NL Mobile: +31 626 508 131 GIB Mobile: +350 5401 6693 Email/MSN/Live Messenger: gi...@coochey.net Skype: gilescoochey smime.p7s Description: S/MIME Cryptographic Signature
Re: Irony
* Danita Zanre dan...@caledonia.net: Messages from this list have been bouncing since I started enforcing Reverse DNS lookups on my server. Enforce how exactly? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Irony
On Tue, 01 Feb 2011 07:30:19 -0700 Danita Zanre dan...@caledonia.net wrote: Messages from this list have been bouncing since I started enforcing Reverse DNS lookups on my server. The irony is that you think that's a good idea. -- David.
Re: Irony
David F. Skoll wrote: On Tue, 01 Feb 2011 07:30:19 -0700 Danita Zanre dan...@caledonia.net wrote: Messages from this list have been bouncing since I started enforcing Reverse DNS lookups on my server. The irony is that you think that's a good idea. -- David. Not sure. If our mail servers did not have reverse, we would be rejected all over the place. Seems like a common setting. Or is it? RCR
Re: Irony
On 01/02/2011 15:43, Randy Ramsdell wrote: Not sure. If our mail servers did not have reverse, we would be rejected all over the place. Seems like a common setting. Or is it? Personally, rejecting a message on the basis of a single criteria is pretty harsh. You don't need to be the RFC-police to catch nearly all spam and I'm sure that rejecting on a single issue or dubious fact will affect the receipt of genuine non-SPAM messages. -- Best Regards, Giles Coochey NetSecSpec Ltd NL T-Systems Mobile: +31 681 265 086 NL Mobile: +31 626 508 131 GIB Mobile: +350 5401 6693 Email/MSN/Live Messenger: gi...@coochey.net Skype: gilescoochey smime.p7s Description: S/MIME Cryptographic Signature
Re: Irony
On 2/1/11 9:34 AM, Giles Coochey wrote: On 01/02/2011 15:30, Danita Zanre wrote: Messages from this list have been bouncing since I started enforcing Reverse DNS lookups on my server. Danita Why??? Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) because HELO doesn't match RDNS. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ __
Re: Irony
On Tue, 01 Feb 2011 09:43:40 -0500 Randy Ramsdell rramsd...@activedg.com wrote: Not sure. If our mail servers did not have reverse, we would be rejected all over the place. Seems like a common setting. Or is it? Microsoft Windows is very common, but that doesn't make it a good idea. We add a small score [1.2 points, to be precise] for sending relays that lack reverse-DNS. I can guarantee we'd get a high number of false-positives if we outright rejected such relays. Regards, David.
Re: Irony
David F. Skoll wrote: On Tue, 01 Feb 2011 09:43:40 -0500 Randy Ramsdell rramsd...@activedg.com wrote: Not sure. If our mail servers did not have reverse, we would be rejected all over the place. Seems like a common setting. Or is it? Microsoft Windows is very common, but that doesn't make it a good idea. We add a small score [1.2 points, to be precise] for sending relays that lack reverse-DNS. I can guarantee we'd get a high number of false-positives if we outright rejected such relays. Regards, David. We do not reject either, but many do. i.e Yahoo
Re: Irony
On 2/1/11 9:49 AM, David F. Skoll wrote: On Tue, 01 Feb 2011 09:43:40 -0500 Randy Ramsdellrramsd...@activedg.com wrote: Not sure. If our mail servers did not have reverse, we would be rejected all over the place. Seems like a common setting. Or is it? so we should reject your email if you are on the rfc-ignorant. org list? 220 beattock.caledonia.net ESMTP ready. helo mx1.secnap.com.ionspam.net 250 beattock.caledonia.net Hello mx1.secnap.com.ionspam.net [204.89.241.253] mail from: 250 OK rcpt to: ab...@caledonia.net 550 Missing, invalid or expired BATV signature Connection closed by foreign host. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ __
Re: Irony
On 01/02/2011 15:49, Michael Scheidell wrote: On 2/1/11 9:34 AM, Giles Coochey wrote: On 01/02/2011 15:30, Danita Zanre wrote: Messages from this list have been bouncing since I started enforcing Reverse DNS lookups on my server. Danita Why??? Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) because HELO doesn't match RDNS. OMG It must be SPAM! -- Best Regards, Giles Coochey NetSecSpec Ltd NL T-Systems Mobile: +31 681 265 086 NL Mobile: +31 626 508 131 GIB Mobile: +350 5401 6693 Email/MSN/Live Messenger: gi...@coochey.net Skype: gilescoochey smime.p7s Description: S/MIME Cryptographic Signature
Re: Irony
On Tue, 1 Feb 2011 09:49:36 -0500 Michael Scheidell michael.scheid...@secnap.com wrote: because HELO doesn't match RDNS. Rejecting on that basis would also cause tons of false-positives. Regards, David.
Re: Irony
Michael Scheidell wrote: On 2/1/11 9:49 AM, David F. Skoll wrote: On Tue, 01 Feb 2011 09:43:40 -0500 Randy Ramsdellrramsd...@activedg.com wrote: Not sure. If our mail servers did not have reverse, we would be rejected all over the place. Seems like a common setting. Or is it? so we should reject your email if you are on the rfc-ignorant. org list? 220 beattock.caledonia.net ESMTP ready. helo mx1.secnap.com.ionspam.net 250 beattock.caledonia.net Hello mx1.secnap.com.ionspam.net [204.89.241.253] mail from: 250 OK rcpt to: ab...@caledonia.net 550 Missing, invalid or expired BATV signature Connection closed by foreign host. No
RFC-Ignorant (was Re: Irony)
On Tue, 1 Feb 2011 09:52:04 -0500 Michael Scheidell michael.scheid...@secnap.com wrote: [204.89.241.253] mail from: 250 OK rcpt to: ab...@caledonia.net 550 Missing, invalid or expired BATV signature A long time ago, I was involved with an argument with the RFC-Ignorant maintainer. The thread starts here: http://lists.megacity.org/pipermail/rfci-discuss/2004-September/002668.html The gist of my argument was that addresses that never *send* mail can reasonably expect never to *receive* DSNs or other kinds of messages with an envelope sender of and can legitimately block them. The battle raged for a while, but eventually we were delisted. (We block mail from to postmas...@roaringpenguin.com because we never, ever send mail from postmas...@roaringpenguin.com) Regards, David.