Oh my, Nick top-posted. Quickly, someone call out the firing squad.

Where you choose to reply to in a message body is a matter of personal preference. It is NOT a breach of email etiquette to prefer a way other than your personal preference. In a list thread, many tend to prefer a top-post as it's assumed that they've already read the thread and thus no longer have a need for what follows, except possibly as a reference (hence the choice to include rather than snip it). The rules of email etiquette exist for the benefit of email users, not for anal retentive users to LART others with.

On to the matter of DNS blocks; we aren't going to agree on this matter. You consider my mail server broken. I consider it optimized. I, and many others, will continue to block connections from mail servers without reverse DNS. Live with it.

Per Arie's question on exactly what I block based upon, it's quite simple. Your reverse DNS must be set. Period. It doesn't have to match. Asking it to match would be, IMHO, a bad idea. The how is quite simple:

Contents of ~vpopmail/etc/tcp.smtp

1. 127.:allow,RELAYCLIENT=""
3. =:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
4. :allow,RBLSMTPD="Blocked - Reverse DNS queries for your IP fail. You cannot send me mail."
5. #:allow,RBLSMTPD="-Blocked - Reverse DNS queries for your IP fail. You cannot send me mail."

1. Obvious, allowing localhost to relay.
2. Allows traffic from the inter7 mailing list (with no reverse DNS)
3. Matches any mail message with reverse DNS.
4. Matches what's left (no reverse DNS). By setting the RBLSMTPD environment variable, we actually get to pass a message back to the mail server we're blocking telling them why. That gives them a chance to fix it before the message bounces.

They'll get a message like this in their mail logs:

Mar 27 08:40:43 seattle qmail: 1048783243.397888 info msg 6469: bytes 258 from <[EMAIL PROTECTED]> qp 13226 uid 0
Mar 27 08:40:43 seattle qmail: 1048783243.438981 starting delivery 533: msg 6469 to remote [EMAIL PROTECTED]
Mar 27 08:40:43 seattle qmail: 1048783243.979048 delivery 533: deferral: _Reverse_DNS_queries_for_your_IP_failed._You_cannot_send_me_mail./ Giving_up_on_207.89.154.94./
Mar 27 08:40:43 seattle qmail: 1048783243.979779 status: local 0/10 remote 0/2

5. If you want to be a little more aggressive about it, use the 5th line instead of the fourth. Notice the '-' character in there. That tells rblsmtpd to return a permanent error (i.e., don't try again!).

Mar 27 08:42:40 seattle qmail: 1048783360.776812 info msg 6475: bytes 250 from <[EMAIL PROTECTED]> qp 13464 uid 0
Mar 27 08:42:40 seattle qmail: 1048783360.805534 starting delivery 534: msg 6475 to remote [EMAIL PROTECTED]
Mar 27 08:42:41 seattle qmail: 1048783361.259737 delivery 534: failure: _Reverse_DNS_queries_for_your_IP_fail._You_cannot_send_me_mail./ Giving_up_on_207.89.154.94./
Mar 27 08:42:41 seattle qmail: 1048783361.269637 bounce msg 6475 qp 13467
Mar 27 08:42:41 seattle qmail: 1048783361.270564 end msg 6475

Notice that in the second case, the message bounces immediately. It's your mail server, you have to decide what policy you think is best. Bouncing messages seems to get more attention, and gets it faster than deferring connections.

That's all there is to it. Of course, that assumes you are running rblsmtpd as part of your smtp invocation.


On Thursday, March 27, 2003, at 11:12 AM, Ron Guerin wrote:

On Thu, 2003-03-27 at 11:05, Nick Harring wrote:

Rather than questioning why we would refuse to accept from
non-reversible hosts, why don't we ask why anyone would set a host up
without reverse DNS?

Rather than question why you've deliberately broken your mail server, I
should explain to you why some people running legit servers don't comply
with your arbitrary requirements?

A better question is why I'm wasting my time trying to explain things to
someone who top-posts and sends HTML to mailing lists.

- Ron
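
Added example (not part of the original message, and not code from qmail or ucspi-tcp): a small Python model of how the tcp.smtp rules quoted above are selected and how rblsmtpd turns $RBLSMTPD into a 451 or 553 reply. It follows the lookup order documented for tcprules, leaves out the ident-based forms, and uses constructed client addresses and host names.

```python
# Added example, not from the post: models the rule lookup order documented
# for ucspi-tcp's tcprules and how rblsmtpd treats $RBLSMTPD.
MSG = "Blocked - Reverse DNS queries for your IP fail. You cannot send me mail."
RULES = {  # the post's lines 1, 3 and 4, keyed by address
    "127.": {"RELAYCLIENT": ""},
    "=": {"QMAILQUEUE": "/var/qmail/bin/qmail-scanner-queue.pl"},
    "": {"RBLSMTPD": MSG},
}
RULES_LINE5 = {**RULES, "": {"RBLSMTPD": "-" + MSG}}  # line 5 swapped in for line 4

def candidates(ip, host=None):
    """Addresses tried, most specific first (ident-based forms left out)."""
    yield ip
    if host:
        yield "=" + host
    octets = ip.split(".")
    for n in range(len(octets) - 1, 0, -1):      # 192.0.2.  192.0.  192.
        yield ".".join(octets[:n]) + "."
    if host:
        labels = host.split(".")
        for n in range(1, len(labels)):          # =.example.org  =.org
            yield "=." + ".".join(labels[n:])
        yield "="                                # any client with a PTR name
    yield ""                                     # default rule

def lookup(ip, host=None, rules=RULES):
    """Return (matched address, environment settings) for a client."""
    for addr in candidates(ip, host):
        if addr in rules:
            return addr, rules[addr]
    return None, {}

def rblsmtpd_reply(env):
    """SMTP reply rblsmtpd sends, or None if it hands off to qmail-smtpd."""
    msg = env.get("RBLSMTPD")
    if not msg:
        return None  # empty: never block; unset: DNS list lookups (not modelled)
    if msg.startswith("-"):
        return "553 " + msg[1:]                  # permanent: sender bounces now
    return "451 " + msg                          # temporary: sender retries

def decide(ip, host=None, rules=RULES):
    addr, env = lookup(ip, host, rules)
    return addr, rblsmtpd_reply(env)

if __name__ == "__main__":
    # Constructed clients: host=None means tcpserver found no PTR name.
    for ip, host in [("127.0.0.1", "localhost"), ("192.0.2.10", "mail.example.org"),
                     ("192.0.2.20", None)]:
        print(ip, host, decide(ip, host), decide(ip, host, RULES_LINE5)[1])
```

If tcpserver is started with -H it never sets $TCPREMOTEHOST, so the "=" rule cannot match and every non-local client falls through to the blocking rule.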
