On 14.07.2011 01:28, Stan Hoeppner wrote:
> On 7/13/2011 3:08 PM, mouss wrote:
>> On 13/07/2011 19:04, motty.cruz wrote:
> 
>>> Received: from ucmx01.uzuncase.com (66-193-162-90.static.twtelecom.net
>>> [66.193.162.90])
> 
>> you might start with
>> /^(\d+\W){4}.*\.twtelecom\.net$/     
>>      REJECT generic hostname. please use your ISP or fix your DNS.
> 
> This wouldn't be wise, mouss.  It would reject all mail from a legit
> site.  This is a SOHO IP range in Georgia, USA, occupied by an
> engineering firm, Uzune & Case.  

SOHO or not: hosts with IP addresses in the PTR are mostly not real
mailservers, or are maintained by foolish administrators, because someone
with a little knowledge would call the A/PTR "mail.twtelecom.net"
or "smtp.twtelecom.net"

> Rejecting all of their mail simply based on the generic rDNS of their
> outbound MTA is a wrong move

no, it is the right move

> especially since the string clearly
> identifies a static range

which has nothing to do with being a mailserver or not
we also own a static /24 range and in this range are some
mailservers, but this does not change anything in the fact
that an infected workstation would come out with one of
these IP addresses but NOT with a mail hostname

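Added example, not part of the thread: the pattern quoted above run over the PTR name from the Received header and a few hostnames, using Python's re module as a stand-in for a Postfix pcre table. Apart from the thread's own hostname and the two names suggested in the reply, the sample names are constructed; the function names are hypothetical.

```python
import re

# Pattern as quoted in the thread. Postfix pcre tables match
# case-insensitively by default, so IGNORECASE is set here too.
GENERIC_PTR = re.compile(r"^(\d+\W){4}.*\.twtelecom\.net$", re.IGNORECASE)

SAMPLES = [
    "66-193-162-90.static.twtelecom.net",  # PTR name from the thread
    "mail.twtelecom.net",                  # name suggested in the reply
    "smtp.twtelecom.net",                  # name suggested in the reply
    "10-20-30-40.dyn.twtelecom.net",       # constructed
    "66.193.162.90.twtelecom.net",         # constructed: IP directly before the domain
    "MX1.TWTELECOM.NET",                   # constructed: upper case, no embedded IP
    "192-0-2-10.static.example.net",       # constructed: other provider
]


def matches_generic(ptr_name: str) -> bool:
    """True if the PTR name would hit the REJECT rule from the thread."""
    return GENERIC_PTR.search(ptr_name) is not None


def evaluate(names):
    """Map each PTR name to the outcome a lookup against the rule would give."""
    return {n: ("REJECT" if matches_generic(n) else "no match") for n in names}


if __name__ == "__main__":
    for name, outcome in evaluate(SAMPLES).items():
        print(f"{outcome:9}  {name}")
```

The rule makes no distinction between the "static" and "dyn" labels: any name that starts with four number groups is rejected, which is the behaviour both sides of the thread are arguing about. The constructed name with the IP directly in front of the domain is not matched, because the pattern needs a literal dot before "twtelecom" after the fourth number group has already consumed one.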