Just a follow-up. It's Telstra, Australia's largest Telco, that's doing 
this. Perhaps it deserves a closer look. Again, not a high priority.

-- 
-Eric 'shubes'

On 10/04/2013 01:53 PM, Sam Clippinger wrote:
> OK, I get it.  In other words, check the MX exists, that the MX names all 
> have IPs AND that all of those IPs have rDNS names.  Right now, spamdyke only 
> checks that an MX exists and at least one of the MX names has an IP.  If the 
> test were written to enforce "all servers must have" instead of "at least one 
> server must have", checking rDNS could generate a whole lot more DNS traffic, 
> especially from large senders with lots of servers (e.g. Gmail).  I don't 
> really think it would do any good to run that check -- the false positive 
> rate would likely be pretty high (and very difficult to explain to blocked 
> senders).  I think it's enough to check the rDNS name of the actual incoming 
> IP and leave it at that.
>
> I suppose this could be tested by going through a collection of both spam and 
> ham to run this additional check on the originating servers.  It wouldn't be 
> too hard to whip up a shell script to generate numbers for each collection of 
> messages, if someone were interested.
>
> -- Sam Clippinger
>
>
>
>
> On Oct 4, 2013, at 2:44 PM, Eric Shubert wrote:
>
>> I'm with you.
>>
>> I came across a mail server which was (reportedly) checking the rDNS for
>> the IP corresponding to the A record which the MX pointed to. This was
>> an entirely different host than the one sending the message. I realize
>> MX is only used for incoming messages, and thought it was a rather
>> pointless check. Perhaps it was a misconfigured email gateway of some sort.
>>
>> I just wondered if it might be a legitimate thing to check. It's sort of
>> like saying "I'm going to check your incoming configuration for errors
>> before I accept a message from your domain". Rather pointless in some
>> senses.
>>
>> In any case, to implement this, spamdyke would do an rDNS check on the
>> IP address corresponding to each MX name, and also check to be sure the
>> rDNS name resolves. It would be (one or) two additional DNS lookups per
>> MX, and would only make sense to do when "reject-missing-sender-mx" is
>> in effect. It would be something like
>> "reject-empty-sender-mx-rdns" and
>> "reject-unresolvable-sender-mx-rdns".
>>
>> I just don't know if this check would be worthwhile or not. Definitely a
>> low priority.
>>
>> Thanks Sam!
>>
>> --
>> -Eric 'shubes'
>>
>>
>> On 10/03/2013 08:27 PM, Sam Clippinger wrote:
>>> I'm not exactly sure what you're describing here.  MX records are supposed 
>>> to be names, not IP addresses.  spamdyke's "reject-missing-sender-mx" 
>>> option already checks for the existence of an MX record, then tries to 
>>> resolve each name to an IP address.  I'm not sure I would see the point in 
>>> trying to resolve each IP address' reverse DNS name; reverse DNS is 
>>> generally required for IP addresses where email connections originate, not 
>>> where they terminate.  In other words, outgoing servers should have valid 
>>> rDNS, but incoming servers aren't required to have it -- if a server is 
>>> willing to accept email, that's not necessarily an indication it's a spam 
>>> source.
>>>
>>> Some DNS administrators mistakenly set their MX records to contain IP 
>>> addresses.  This is technically illegal, but spamdyke honors them as valid 
>>> with no further checking.
>>>
>>> So anyway, I think I'm misunderstanding what you're asking for. :)
>>>
>>> -- Sam Clippinger
>>>
>>>
>>>
>>>
>>> On Oct 3, 2013, at 7:16 PM, Eric Shubert wrote:
>>>
>>>> I don't know if this has come up before, but it just came to my
>>>> attention that there are some mail servers which check rDNS of domain MX
>>>> records before accepting emails. I don't believe spamdyke does this.
>>>>
>>>> Is this a total waste, or would it perhaps catch some spammers?
>>>>
>>>> Some domains have many MX records. I wonder if all MXs are checked, or
>>>> only the highest priority?
>>>>
>>>> Seems like a bit of a waste of resources to me. Any thoughts about this?
>>>>
>>>> (I'd certainly prefer to see SPF implemented than MX rDNS checking!)
>>>>
>>>> Thanks Sam (and everyone).
>>>>
>>>> --
>>>> -Eric 'shubes'
>>>>
>>>> _______________________________________________
>>>> spamdyke-users mailing list
>>>> [email protected]
>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>
>>
>>
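
The check discussed in this thread, as an added example that is not part of the original messages and is not spamdyke code: it walks MX -> A -> PTR -> A for a sender domain and counts DNS queries under the "at least one" and "all servers must have" policies Sam contrasts. The resolver, the constructed zone data and the verdict strings (modelled on the option names Eric proposed) are assumptions for illustration.

```python
# Constructed DNS data (RFC 2606/5737 documentation names and addresses).
ZONE = {
    ("MX", "good.example"): ["mx1.good.example", "mx2.good.example"],
    ("A", "mx1.good.example"): ["192.0.2.10"],
    ("A", "mx2.good.example"): ["192.0.2.11"],
    ("PTR", "192.0.2.10"): ["mx1.good.example"],
    ("PTR", "192.0.2.11"): ["mx2.good.example"],
    ("MX", "partial.example"): ["mx1.partial.example", "mx2.partial.example"],
    ("A", "mx1.partial.example"): ["198.51.100.5"],
    ("A", "mx2.partial.example"): ["198.51.100.6"],  # this IP has no PTR
    ("PTR", "198.51.100.5"): ["mx1.partial.example"],
    ("MX", "dangling.example"): ["mx.dangling.example"],
    ("A", "mx.dangling.example"): ["203.0.113.9"],
    ("PTR", "203.0.113.9"): ["ghost.dangling.example"],  # name has no A record
}

class CountingResolver:
    """Stand-in for a DNS resolver: answers from ZONE and counts every query."""
    def __init__(self, zone):
        self.zone, self.queries = zone, 0

    def lookup(self, rtype, name):
        self.queries += 1
        return self.zone.get((rtype, name), [])

def check_sender_mx(domain, resolver, require_all):
    """Return a verdict string; require_all selects the stricter policy."""
    ips = [ip for mx in resolver.lookup("MX", domain)
           for ip in resolver.lookup("A", mx)]
    if not ips:
        return "missing-mx"  # no MX, or no MX name resolves to an IP
    first_failure = None
    for ip in ips:
        names = resolver.lookup("PTR", ip)
        if not names:
            result = "empty-mx-rdns"
        elif not any(resolver.lookup("A", n) for n in names):
            result = "unresolvable-mx-rdns"
        else:
            result = "ok"
        if result == "ok" and not require_all:
            return "ok"      # one good MX host is enough
        if result != "ok" and require_all:
            return result    # one bad MX host is enough to reject
        first_failure = first_failure or result
    return "ok" if require_all else first_failure

def run(domain, require_all):
    """Check one domain with a fresh resolver; return (verdict, query count)."""
    resolver = CountingResolver(ZONE)
    return check_sender_mx(domain, resolver, require_all), resolver.queries
```

The counts assume no resolver caching, so they are an upper bound on the extra traffic each policy would generate per message.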


