Title: RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!

As the only other person on this apparently doing this, I thought I'd just weigh in briefly (again) with regards to why we do it. For those folks who're worried about the sanctity of my users email, don't be. My users understand what is occuring, and have requested, over and over, stricter spam filtering.

I would heavily disagree that my servers are "broken", and I would also say I'm not extending any RFC. I don't claim that what I'm doing is RFC mandated, or even supported by one. Honestly, if the RFC doesn't speak one way or the other, its fair game. That's the way quite a few things on the Internet have worked in the past, continue to work now, and most likely will in the future. Honestly, quite a few qmail admins are bending RFCs if they run qmtp daemons and "embed" the information to indicate this in the numeric values of their MX records. There is no RFC on this, no other mail client, to my knowledge, knows about it, etc.

I, quite obviously, side with all the people who say it may or may not be a good idea, but it certainly isn't broken. Spam is a huge problem for my users, for a number of reasons, and this was the next best step my predecessor and myself could find. It seems to have cut down the volume of spam, though I don't really maintain much tracking data on it. So far I've had good luck in my interactions with administrators of other mail systems, however I certainly wouldn't consider it their duty to advertise a non-required piece of information in their dns.

Nicholas Harring
System Administrator
Webley Systems, Inc

-----Original Message-----
From: Andrew Kohlsmith [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 27, 2003 1:03 PM
Subject: Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

> those are all true. the term in contention is "broken".  obviously, if a
> mailserver is refusing messages from sites with "even IP addresses"
> (whatever those are, how is an IP address even or odd?) *and the reason for
> that refusal is not known*, then it's broken. If it's been purposely
> configured that way, it's not broken, regardless of how bizarre it may
> seem.

Agreed.  Totally agreed.

> don't confuse me with the person who configured his mailserver that way.
> None of my mailservers - across three ISP currently - block mail based on
> lack of in-addr.arpa. I'm merely defending the choice of someone to do so,
> and pointing out that making that choice does not inherently make the
> mailserver "broken".

Noted, and I apologize.  I think that we're actually arguing the same point.

> actually, the fault becomes excruciatingly fuzzy at that point. does an
> administrator have a right to run his mailserver in a way that protects it
> from large amounts of spam? for that matter, what about spam filtering not

I have not seen any proof that spammers tend to spam from addresses which
don't resolve.  I mean the ISP I run has a reverse address for every IP in
our IP ranges -- in theory anyone spamming from us would get through the
filter, at least until we ToS'd them.

For me, rejecting email before the data is accepted by my mail server is a
holy grail.  However I content-filter so I can't reject the mail based on
content until I actually see the content.  And with my servers, I deliver
mail deemed spam into a 'spam' IMAP folder and the user is free to view it or
ignore it at their discretion.  All that the OP is doing is moving that up a
level and actually telling the other server that a) it's not accepted and b)
saving himself the bandwidth.  Both, in my opinion, are noble causes.

However, I also believe that if you are not adhereing to RFCs for inter-server
communication that you are not being a good 'net citizen.  My users don't get
their spam, but I'm also following the RFC (much closer) to the letter than
the OP, who rejects email if the server does not have a reverse IP mapping.

Where is the line?  That is a very good question.  I agree that it's your
server and you really can run it any way you please, but if you're going
above and beyond the requirements of an RFC, you're no longer following that
RFC and is (in my mind) the internet equivalent to driving in a residential
area with a failed muffer or a stereo cranked to the max.  You can _do_ it,
but it's not _nice_. 

As the OP stated, it's for his personal mail server.  He has no customers.  I
would not be able to get away with it with my ISP.  If I _could_ get away
with it, would I?  I don't think so, as per the previous paragraph.

> based upon in-addr.arpa lookup that blocks messages inadvertently? no spam
> filter is 100% perfect, though some bayesian filters appear to be
> approaching that. what do you do when a customer runs a mailing list where
> they share with friends particularly funny examples of spam? the messages
> contain spam, but aren't spam themselves - yet virtually every spam filter
> out there would block them.

Agreed, although that is what whitelists and learning filters are all about. 
Offhand, I woudl love to see a learning filter which filtered "funny" spam
from not funny spam.  :-)

> >   Whether that is acceptable to you or not is your (and your
> >customer's) worry, not mine.  I am under no obligation to correct my
> >"mistake" simply because you don't like it and have configured your
> > servers not to like it.
> and likewise, i hope you realize.

Agreed.  As I said earlier, it's your (as in the owner's) box, they can do
with it as they please.  But if he were to come to me and say "YOUR DNS is
broken, fix it!" I would not be so kind, as he's brought it upon himself to
extend the SMTP RFCs and for (in my experience) limited utility.


... trying to get back on topic...  So...  how's them vpopmails coming along? 

Reply via email to