I'm trying to debug a problem and have enabled the "full-log-dir" option to see the contents of each message when I noticed something unusual, or at least something I'm not fully understanding.
One of the messages was obviously from a spammer and this particular IP did not have a reverse DNS entry; I see the entry stating such early in its conversation. However, after this was established the servers continued to talk where I thought they would have just terminated the conversation. I would've thought that my server would've closed the connection after learning that the connecting server did not reverse its IP. Here is a snippet from that entry (sanitized to protect the innocent):

#################################################
[EMAIL PROTECTED] fulllogdir]# more 20080515_143525_137.101.41.66
05/15/2008 14:35:25 STARTED: VERSION = 3.1.6+TLS, PID = 8307
05/15/2008 14:35:25 LEGEND: To remote host = <<< ; to child process = >>> ; blocked by filter = <XX
05/15/2008 14:35:25 LEGEND: From filter to remote host = <FF ; from filter to child process = FF>
<<< 05/15/2008 14:35:25
220 rsmail.mydomain.tld ESMTP
>>> 05/15/2008 14:35:26
EHLO corp-66-40-101-137.apnadream.tld
<<< 05/15/2008 14:35:26
250-rsmail.mydomain.tld
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 12500000
250 AUTH LOGIN PLAIN CRAM-MD5
>>> 05/15/2008 14:35:27
MAIL FROM:<[EMAIL PROTECTED]>
<FF 05/15/2008 14:35:27
250 Refused. You have no reverse DNS entry.
FF> 05/15/2008 14:35:27
.
QUIT
>>> 05/15/2008 14:35:27
RCPT TO: <[EMAIL PROTECTED]>
<FF 05/15/2008 14:35:27
421 Refused. You have no reverse DNS entry.
>>> 05/15/2008 14:35:27
RCPT TO: <[EMAIL PROTECTED]>
<FF 05/15/2008 14:35:27
421 Refused. You have no reverse DNS entry.
...[ snipped out a couple dozen more entries of "Refused" ] ...
>>> 05/15/2008 14:35:27
RCPT TO: <[EMAIL PROTECTED]>
<FF 05/15/2008 14:35:27
421 Refused. You have no reverse DNS entry.
>>> 05/15/2008 14:35:27
DATA
<FF 05/15/2008 14:35:27
421 Refused. You have no reverse DNS entry.
<XX 05/15/2008 14:35:27
502 unimplemented (#5.5.1)
221 rsmail.mydomain.tld
05/15/2008 14:35:28 CLOSED
[EMAIL PROTECTED] fulllogdir]#
#################################################

So I guess my question is ... can we get Spamdyke to close the connection after the first false DNS check instead of waiting for it to wade through all the bogus RcptTo's? Maybe this violates some RFC, I don't know, so please correct me if this is weird/unreasonable.

-ken
--
Have a nice day ... unless you've made other plans.
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
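Added example, not part of the original post and not spamdyke's own code: a small Python parser for the full-log layout shown above that counts how many client commands arrived after the filter's first "Refused" reply. The record layout (a marker plus timestamp line followed by payload lines) is an assumption inferred from the LEGEND lines in the post; the function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Direction markers taken from the LEGEND lines of the log in the post.
MARKER = re.compile(r"^(<<<|>>>|<XX|<FF|FF>) \d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}$")
# Status lines (STARTED / LEGEND / CLOSED) begin with a bare timestamp.
STATUS = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} ")

def parse_full_log(text):
    """Split a log into (marker, [payload lines]) records."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        m = MARKER.match(line)
        if m:
            records.append((m.group(1), []))
        elif line and records and not STATUS.match(line):
            records[-1][1].append(line)
    return records

def commands_after_first_refusal(records):
    """Count client verbs (>>>) seen after the filter's first 'Refused' (<FF)."""
    refused, late = False, Counter()
    for marker, payload in records:
        if marker == "<FF" and any("Refused" in p for p in payload):
            refused = True
        elif marker == ">>>" and refused and payload:
            late[payload[0].split()[0].upper()] += 1
    return late

# Constructed sample in the same layout as the post's log (placeholder addresses).
SAMPLE = """\
>>> 05/15/2008 14:35:27
MAIL FROM:<a@example.test>
<FF 05/15/2008 14:35:27
250 Refused. You have no reverse DNS entry.
>>> 05/15/2008 14:35:27
RCPT TO: <b@example.test>
<FF 05/15/2008 14:35:27
421 Refused. You have no reverse DNS entry.
>>> 05/15/2008 14:35:27
RCPT TO: <c@example.test>
<FF 05/15/2008 14:35:27
421 Refused. You have no reverse DNS entry.
>>> 05/15/2008 14:35:27
DATA
<FF 05/15/2008 14:35:27
421 Refused. You have no reverse DNS entry.
05/15/2008 14:35:28 CLOSED
"""
print(dict(commands_after_first_refusal(parse_full_log(SAMPLE))))
```

Run over a directory of full logs, the per-connection counts show how much traffic is being answered after the first rejection.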
