Dan Barker wrote:
>I can't find any doc on PTR rules. Specifically, I'd like to make my
>SpamAssassin 3.0.1 score if there is no PTR record for the first "foreign"
>IP in the "Received by" chain.
>
>This can't be difficult, but I've scanned the doc to the best of my ability
>(my best may not be particularly good<g>) and come up empty.
>
>
>
There's no "easy" way to do this if you want SA to perform the PTR
lookup. You'd have to do that as a plugin, which involves writing some
perl code that makes use of Net::DNS.
However, if your mailserver normally does the lookup you can write a
regex to look for a Received: header from your MX that has no hostname.
Take this Received: header for example (sendmail generated)
Received: from eyou.com ([218.6.19.122]) by xanadu.evi-inc.com ....
Compared to
Received: from fsmail432.com (H1b65.h.pppool.de [85.72.27.101])
by xanadu.evi-inc.com ...
A rule like this would work for my mailserver:
header L_NO_RDNS_RCVD Received =~/from [\w.]{0,20}
\(\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\) .{0,50} by xanadu\.evi/
score L_NO_RDNS_RCVD 0.1
For what it's worth, I've seen a lot of legitimate servers lacking RDNS
entries, so I'd keep the score on this under 2.5.
(That said, one measure I do already take is I greylist all servers with
no RDNS.. Selective greylisting works pretty well. )
