pf at alt-ctrl-del.org put forth on 9/7/2010 11:02 PM:
> Am I missing something obvious?
> 
> With many ISPs providing generic PTR,
> reject_unknown_reverse_client_hostname is too gentle.
> 
> I'd really like to implement reject_unknown_client_hostname, but I've
> seen too many cases where address->name mapping = exists, the
> name->address mapping = exists, BUT the name->address mapping is in the
> same /24 - but off by a couple of IPs.
> 
> Is there a test that I'm missing out on that is simply address->name
> mapping = exists, and name->any address mapping = exists?
> Or a chain of tests that can accomplish the same thing?

The battle against spam coming from generic rDNS clients isn't new.  I
suggest you try this combo for a while.  The pcre file rejects generic
rDNS patterns covering a large section of ISPs in the US, Canada,
Europe, and elsewhere.  I've been using it for quite a while with good
results, as have a few others on this list.  I'll let them speak for
their results with it, if they so choose.  This pcre doesn't cover all
the ISPs on the planet, so you may want/need to add to it over time.

        ...
        reject_unknown_reverse_client_hostname
        ...
        check_client_access pcre:/etc/postfix/fqrdns.pcre
        ...

http://www.hardwarefreak.com/fqrdns.pcre

-- 
Stan
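
Added example, not part of the original message and not taken from fqrdns.pcre: a Python model of the checks discussed in this thread, run over constructed DNS data, showing where a sending host whose forward record is "off by a couple of IPs" and a host with a generic rDNS name each get rejected. The DNS tables, the regex and the `ptr_and_any_forward` name are assumptions made for illustration.

```python
import re

# Constructed sample DNS data (documentation address ranges, not real hosts).
PTR = {  # address -> name
    "192.0.2.10": "mail.example.org",
    "192.0.2.55": "mx1.example.net",
    "198.51.100.7": "198-51-100-7.dsl.dynamic.example.com",
}
A = {  # name -> addresses
    "mail.example.org": ["192.0.2.10"],
    "mx1.example.net": ["192.0.2.57"],  # same /24, off by two
    "198-51-100-7.dsl.dynamic.example.com": ["198.51.100.7"],
}

# Constructed pattern in the style of a generic-rDNS pcre table entry.
GENERIC_RDNS = re.compile(
    r"^\d{1,3}[-.]\d{1,3}[-.]\d{1,3}[-.]\d{1,3}\.(dsl|dyn|dynamic|cable|pool)\.",
    re.IGNORECASE,
)


def evaluate(client_ip):
    """Return, per check, whether it would reject this client."""
    name = PTR.get(client_ip)
    forward = A.get(name, []) if name else []
    return {
        # Rejects only when the address->name mapping is missing.
        "reject_unknown_reverse_client_hostname": name is None,
        # Also rejects when name->address is missing or does not match.
        "reject_unknown_client_hostname": name is None or client_ip not in forward,
        # Hypothetical middle ground asked about: PTR exists, name resolves to anything.
        "ptr_and_any_forward": name is None or not forward,
        # Generic rDNS name caught by the pattern table.
        "generic_rdns_pattern": bool(name and GENERIC_RDNS.search(name)),
    }


def suggested_chain_rejects(client_ip):
    """The combination from the reply: reverse check first, then the pcre lookup."""
    result = evaluate(client_ip)
    return result["reject_unknown_reverse_client_hostname"] or result["generic_rdns_pattern"]


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.55", "198.51.100.7", "203.0.113.9"):
        print(ip, evaluate(ip), "chain rejects:", suggested_chain_rejects(ip))
```
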
