On 2009-04-13 22:46, mouss wrote:
> does reject_unknown_sender_domain really reject that much spam (that is
> not rejected by zen among other things)?
According to RFC1912:
(...)
2.1 Inconsistent, Missing, or Bad Data
Every Internet-reachable host *should* have a name. The consequences of
this are becoming more and more obvious. Many services available on the
Internet will not talk to you if you aren't correctly registered in the
DNS.
Make sure your PTR and A records match. For every IP address, there
should be a matching PTR record in the in-addr.arpa domain.
(...)
Assuming that spam is a global problem, and the above RFC is something to
obey, it's not really important how much spam we'll block with
reject_unknown_sender_domain. If a message is blocked with
reject_unknown_sender_domain, it means the sender's server has some problem
with its DNS configuration. It costs nothing to configure DNS records for
a mailserver, and it means a lot fewer queries to zen. If a mailserver's
admin doesn't care about DNS entries, I don't feel any need to care about
emails coming from this mailserver. Fortunately, all large public
mailservers we're getting emails from have DNS records set up correctly.
On one of my mailservers I've got:
1859 x Client host rejected: cannot find your hostname
1861 x Client host rejected: cannot find your reverse hostname
2466 x blocked using zen.spamhaus.org
As shown above, I need less than half of the queries to the zen RBL. Of course
these numbers can be quite different depending on configuration and type
of email traffic.
In my opinion, *if* one can afford losing some legitimate mail from
hosts without correct DNS entries, reject_unknown_* rules are worth
using. Still, if mail gets rejected, the sender has the possibility to ask
his/her mailserver's admin to solve the problem.
Pawel Lesniak
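
The two "Client host rejected" messages counted above correspond to different DNS failures. The following added example (not part of the original message) classifies a client IP the way a forward-confirmed reverse DNS check does and shows which of the two Postfix client restrictions would fire. The PTR/A tables, addresses and function names are constructed for illustration and stand in for a live resolver.

```python
# Added example: forward-confirmed reverse DNS (FCrDNS) on constructed data.
# The tables below are made up (RFC 5737 addresses, example.* names) and
# replace real DNS lookups so the script runs offline.
PTR = {
    "192.0.2.10": "mail.example.org.",
    "192.0.2.20": "host20.example.net",
    "192.0.2.30": "mx.example.com",
}
A = {
    "mail.example.org": {"192.0.2.10"},
    "mx.example.com": {"198.51.100.7"},  # forward record points elsewhere
    # host20.example.net deliberately has no A record
}

def classify(ip, ptr=PTR, a=A):
    """Return 'ok', 'no_ptr', 'no_forward' or 'mismatch' for a client IP."""
    name = ptr.get(ip)
    if name is None:
        return "no_ptr"            # IP -> name lookup fails
    addrs = a.get(name.rstrip(".").lower())
    if not addrs:
        return "no_forward"        # name -> IP lookup fails
    if ip not in addrs:
        return "mismatch"          # name resolves, but not back to this IP
    return "ok"

def decisions(ip):
    """Which Postfix client restriction would reject this client.

    reject_unknown_reverse_client_hostname fires only when there is no PTR
    ("cannot find your reverse hostname"); reject_unknown_client_hostname
    fires on any of the three failures ("cannot find your hostname").
    """
    status = classify(ip)
    return {
        "reject_unknown_reverse_client_hostname": status == "no_ptr",
        "reject_unknown_client_hostname": status != "ok",
    }

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "203.0.113.5"):
        print(ip, classify(ip), decisions(ip))
```

The stricter reject_unknown_client_hostname catches every client the reverse-only check catches, so the reverse-only rule is the one to start with when losing legitimate mail is a concern.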