mail filtering based on reverse DNS
Jeroen Massar
jeroen at unfix.org
Thu Aug 11 23:10:55 CEST 2011
To quickly answer Erik's question: working IP->reverse->forward->IP
mapping check along with that a matching EHLO (not HELO which just
implies the client is too old ;) is the best way to curb
non-properly-administered SMTP clients. If an administrator of a host
acting as an SMTP client cannot be bothered to set that up properly they
don't have to expect that anybody is going to accept their mail either.
Of course, submission-smtp (port 587) can ignore that check as then one
is doing authentication anyway.
On 2011-08-11 17:07, Cameron Byrne wrote:
[..]
> I like the idea of reverse only being for systems that are in the
> legitimate control of the domain, ie ...not joe random subscriber of an isp.
Please take that back and change that to: the user of the IP prefix
should have the ability to properly configure reverse pointers by either
having PTR records at the ISP or being able to delegate that prefix to
their own nameservers.
> I do think the lack of reverse helps give reputation information about
> the host.
Yes, indeed, and thus even Joe Random Subscriber, who is able and
willing to take the steps to go to the ISP web interface to configure that,
should be able to.
Otherwise you are just going to advocate that there is a difference
between 'business class' and 'luser class' that should not exist on the
Internet.
As long as viruses/trojans do not figure out how to automatically
configure those reverses it automatically excludes any of those
endpoints from having a direct SMTP conversation with real servers,
which would pretty much be awesome.
Of course, if the user did set up forward/reverse and then the box gets
owned we are out of luck, but heck, all those vulnerable WordPress etc
hosts are already much better for those purposes anyway, thus there are
enough of those. This will just cut off another 0.0001% (well probably
more) of possible senders out there.
Greets,
Jeroen
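The IP->reverse->forward->IP check with a matching EHLO that Jeroen describes, written out as an added example (this is not code from the post or from anyone on the list). DNS lookups go through an injected resolver so the logic runs offline against a constructed zone table; the addresses are from the 192.0.2.0/24 and 2001:db8::/32 documentation ranges and the host names are assumptions, not real hosts. The `submission` flag reflects the point that port 587 is authenticated and can skip the check.

```python
"""Forward-confirmed reverse DNS (FCrDNS) plus EHLO check for an SMTP client.

Added example, not code from the original post or the ipv6-ops list. DNS
lookups go through an injected resolver so the logic runs offline against the
constructed zone below; in production you would inject a function that does
real PTR/A/AAAA queries.
"""
import ipaddress
from typing import Callable, Dict, List, Tuple

# A resolver takes (owner name, rrtype) and returns the record strings, or [].
Resolver = Callable[[str, str], List[str]]


def _norm(name: str) -> str:
    """DNS names are case-insensitive; compare them lowercased, with a trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def _rev(ip: str) -> str:
    """Owner name of the PTR record for ip (in-addr.arpa / ip6.arpa)."""
    return _norm(ipaddress.ip_address(ip).reverse_pointer)


# Constructed sample zone (documentation ranges only, no real hosts):
SAMPLE_ZONE: Dict[Tuple[str, str], List[str]] = {
    # Properly administered IPv4 host: PTR -> name -> same IP.
    (_rev("192.0.2.4"), "PTR"): ["mx.example.net."],
    (_norm("mx.example.net"), "A"): ["192.0.2.4"],
    # Properly administered IPv6 host.
    (_rev("2001:db8::25"), "PTR"): ["mx6.example.net."],
    (_norm("mx6.example.net"), "AAAA"): ["2001:db8::25"],
    # Host whose PTR claims a name that does not point back to it.
    (_rev("192.0.2.99"), "PTR"): ["mx.example.net."],
    # 192.0.2.50 has no PTR at all (absent from the zone).
}


def make_resolver(zone: Dict[Tuple[str, str], List[str]]) -> Resolver:
    """Build an offline resolver over a constructed zone table."""
    def resolve(name: str, rrtype: str) -> List[str]:
        return list(zone.get((_norm(name), rrtype.upper()), []))
    return resolve


def fcrdns_check(ip: str, ehlo_name: str, resolve: Resolver,
                 submission: bool = False) -> dict:
    """Return the verdict for one connecting SMTP client.

    accept is True only when at least one PTR name resolves forward to the
    connecting IP and the EHLO name is one of those confirmed names. On the
    submission port (587) the client authenticates, so the check is skipped.
    """
    if submission:
        return {"ptr_names": [], "confirmed": [], "ehlo_matches": True,
                "accept": True, "reason": "submission port, authenticated"}
    addr = ipaddress.ip_address(ip)
    ptr_names = resolve(addr.reverse_pointer, "PTR")
    rrtype = "A" if addr.version == 4 else "AAAA"
    confirmed: List[str] = []
    for name in ptr_names:
        for forward in resolve(name, rrtype):
            try:
                if ipaddress.ip_address(forward) == addr:
                    confirmed.append(_norm(name))
                    break
            except ValueError:
                continue  # malformed record data: ignore it
    ehlo_ok = _norm(ehlo_name) in confirmed
    if not ptr_names:
        reason = "no PTR record"
    elif not confirmed:
        reason = "PTR name does not resolve back to the client IP"
    elif not ehlo_ok:
        reason = "EHLO name is not a forward-confirmed name"
    else:
        reason = "forward-confirmed reverse DNS and EHLO match"
    return {"ptr_names": ptr_names, "confirmed": confirmed,
            "ehlo_matches": ehlo_ok, "accept": bool(confirmed) and ehlo_ok,
            "reason": reason}


RESOLVE = make_resolver(SAMPLE_ZONE)

if __name__ == "__main__":
    for ip, ehlo in [("192.0.2.4", "MX.Example.Net"),
                     ("192.0.2.99", "mx.example.net"),
                     ("192.0.2.50", "mx.example.net"),
                     ("2001:db8::25", "other.example.net")]:
        v = fcrdns_check(ip, ehlo, RESOLVE)
        print(f"{ip:14} EHLO {ehlo:18} accept={v['accept']} ({v['reason']})")
```

The forged case (192.0.2.99 claiming mx.example.net) shows why the forward step matters: anyone controlling the reverse zone for a prefix can put any name in a PTR, but only the owner of the forward zone can make that name resolve back to the address. Comparing addresses with `ipaddress` rather than as strings keeps the IPv6 check robust against different textual forms of the same address.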