On 15/02/2021 18:25, Bill Cole via mailop wrote: > On 15 Feb 2021, at 12:53, Jaroslaw Rafa via mailop wrote: >> Dnia 15.02.2021 o godz. 15:43:56 Matthew Stith via mailop pisze: >>> 127.255.255.252 - Typing error in DNSBL Name >>> 127.255.255.254 - Query via public/open resolver/generic >>> unattributable rDNS >>> 127.255.255.255 - Excessive Number of Queries > > Postfix has supported specification of result values for DNSBLs for at > least 15 years. Restricting action to specific result values is > well-documented and generally considered a best practice, since the > problem of DNSBL domains falling into the hands of domain vultures who > wildcard all subsidiary names has been a known failure mode for as long > as DNSBLs have existed.
Note: it is not really good enough to just filter the responses and ignore the problem. Invalid responses need to be logged for further action, either to fix the resolver or remove the lookup. There's a change in Exim to do this, but it assumes that all of 127/8 is valid so the Spamhaus codes won't be recognised: https://git.exim.org/exim.git/commitdiff/cebf4027931177cc70106a84e19705f2085a09f5 -- Simon Arlott _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
