On 7/13/2011 6:47 PM, Reindl Harald wrote:

> SOHO or not: ip-addresses in PTR are mostly not real mailservers

The operative word here is "mostly". For instance, my outbound:

$ dig mx hardwarefreak.com
hardwarefreak.com. IN MX 10 greer.hardwarefreak.com.
greer.hardwarefreak.com. IN A 65.41.216.221

$ host 65.41.216.221
221.216.41.65.in-addr.arpa -> mo-65-41-216-221.sta.embarqhsd.net.

$ dig TXT hardwarefreak.com
hardwarefreak.com. IN TXT "v=spf1 ip4:65.41.216.221 -all"

Am I a "foolish administrator" simply due to having generic rDNS? Am I a spammer? Has spam ever emitted from this IP address? Do I have control over my rDNS string?

The answer to all 4 is NO. Yet you're recommending to all on this list to summarily block email from my outbound.

>> Rejecting all of their mail simply based on the generic rDNS of their
>> outbound MTA is a wrong move
>
> no it is the right move

Most of the world disagrees with you in this regard, Reindl. Many on this list probably do as well.

>> especially since the string clearly
>> identifies a static range
>
> what has nothing to do with mailserver or not
> we own also a static /24 range and on this range are some
> mailservers, but this does not change anything in the fact
> that an infected workstation would come out with one of
> this IP-Addresses but NOT with a mail-hostname

If you have read my posts you've seen that I'm obviously a big proponent of blocking clients based on dynamic/generic rDNS. But there is a right and wrong way of doing it. Simply blocking it all is the wrong way. Some intelligence gathering must be done to identify primarily ham-sending static IP hosts with generic rDNS strings and to treat those differently than primarily spam-sending clients with dynamic/generic rDNS and dynamic/static IPs. Some such research went into fqrdns.pcre.

Again, you need to understand, Reindl, that not all providers offer custom rDNS to their customers, and not everyone has multiple choices of service. My provider, CenturyLink, has a local monopoly. They do not offer custom rDNS, period, no matter how nicely one asks.

Your position seems to be that any sending host with generic rDNS should be treated as a spam source and blocked. It is your personal choice to do so, but you're doing a disservice to others by recommending that _everyone_ do so. In 2011 this is not generally acceptable practice.

-- 
Stan
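
The distinction argued in the message above, as an added example that is not part of the original post and not taken from fqrdns.pcre: a generic PTR name is sorted into categories instead of being rejected outright, with the sender's SPF ip4 entries as a supporting signal. The hint tokens, category labels and function names are assumptions made for illustration, and only IPv4 and the ip4 SPF mechanism are handled.

```python
import ipaddress
import re

# Assumed hint tokens; real naming schemes vary by provider.
STATIC = re.compile(r"(^|[.-])(sta|static)([.-]|$)")
DYNAMIC = re.compile(r"(^|[.-])(dyn|dynamic|dhcp|pool|ppp|dialup)([.-]|$)")


def is_generic_ptr(ip, ptr):
    """True if the PTR name embeds the four IPv4 octets, forward or reversed."""
    octets = [int(o) for o in ip.split(".")]
    nums = [int(n) for n in re.findall(r"\d+", ptr)]
    windows = [nums[i:i + 4] for i in range(len(nums) - 3)]
    return octets in windows or octets[::-1] in windows


def spf_ip4_authorizes(ip, record):
    """Evaluate only the ip4 mechanisms of an SPF record (no include/a/mx)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return False
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        if term.lower().startswith(("ip4:", "+ip4:")):
            if addr in ipaddress.ip_network(term.split(":", 1)[1], strict=False):
                return True
    return False


def classify(ip, ptr, sender_spf=None):
    """Return a category label; what to do with each label is local policy."""
    ptr = ptr.lower().rstrip(".")
    if not is_generic_ptr(ip, ptr):
        return "custom"
    if DYNAMIC.search(ptr):
        return "generic-dynamic"
    if sender_spf and spf_ip4_authorizes(ip, sender_spf):
        return "generic-spf-authorized"
    if STATIC.search(ptr):
        return "generic-static"
    return "generic-unknown"


if __name__ == "__main__":
    # Values quoted in the message above.
    print(classify("65.41.216.221", "mo-65-41-216-221.sta.embarqhsd.net.",
                   "v=spf1 ip4:65.41.216.221 -all"))
    # Constructed sample using documentation address space.
    print(classify("203.0.113.7", "dhcp-203-0-113-7.pool.example.net."))
```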