On 04.02.2015 at 22:54, Noel Jones wrote:
> On 2/4/2015 3:12 PM, li...@rhsoft.net wrote:
>> *sadly* that sort of incoming rule is not widespread enough,
>> otherwise spam from infected botnet zombies would no longer exist
>> and frankly the rule for "IP....hfc.comcastbusiness.net" is manually
>> written by looking at the incoming junk amount all day long hitting the
>> content filter and not a single legit mail without SPF/DNSWL over months
>>
>> /^[\.\-]?([0-9]{1,3}[\.\-]){2,4}[\.\-]?[a-z]{4,20}[\.\-]hfc[\.\-]comcastbusiness[\.\-](co|com|net|org)$/
>> REJECT Generic DNS-Reverse-Lookup (PTR-Rule: 435) see
>> http://www.emailtalk.org/ptr.aspx or configure
>> http://en.wikipedia.org/wiki/Sender_Policy_Framework
>>
>> even if it is not a direct reject, *every* SpamAssassin setup on
>> this planet gives you a penalty for such a PTR and that may be the
>> last piece needed for a milter-reject - in that case you don't know
>> the reasons, with the reject above you do
>>
>> score RDNS_DYNAMIC 2.639 0.363 1.663 0.982
>> score NO_RDNS_DOTCOM_HELO 3.100 0.433 3.099 0.823
>
> Your filter is broken if it can't tell the difference between a
> static and dynamic PTR.

your mail setup is broken if you don't care about basics like a sane PTR
and frankly even the admin before me, who did not care about many things,
insisted more than 10 years ago that we never ever send out mails from a
generic PTR

the truth is that a xx.xx.xx.xx-static-dsl.isp.tld is not a mailserver
just because it contains the word "static" - in fact most of them are
ordinary office DSL lines with clients behind

> There are a lot of zombies in the *.comcastbusiness.* PTR space, but
> you throw out the baby with the bathwater. There are other ways to
> get rid of the zombies on static IPs without wholesale blocking.
> Greylisting and a couple reliable RBLs (or postscreen) will block
> the vast majority of zombies without wholesale slaughter.

you did not get the point:
if PTRs with an IP part were rejected worldwide and ISPs would
block outgoing port 25 for home users, the business of infecting client PCs
to send out malware to MX hosts would die from one day to the next

* greylisting does *much* more harm, be it for large senders
  retrying with a different IP or sender verification on the
  other side for your own outgoing mail
* all the dialup RBLs are far from complete
* other RBLs are way too late; if someone makes it onto them
  he already had success in sending his crap out
* there is no single reason for not having a sane PTR
* postfix even has a setting that A/PTR needs to *match*
  and if someone enables that we no longer discuss
  the PTR part in the reverse DNS at all

> See, even you don't block everyone with an offending PTR -- you
> check for valid SPF or dnswl

because the intention is *not* to block mailservers
a random end-user IP is not listed in the SPF record nor on DNSWLs
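Editor's added example (not code from either poster, and not a Postfix configuration): the thread describes three checks applied to a connecting client, an SPF/DNSWL exemption, the "A/PTR must match" test, and the generic-PTR pcre rule quoted above. The Python below strings them together in that order so the decision logic can be read and tested on its own. The forward-DNS table, the client IPs (TEST-NET ranges) and the PTR names are constructed sample data; the regex is the one from the thread, with IGNORECASE because Postfix pcre tables match case-insensitively by default; the Postfix restriction name in the comment is the one that implements the A/PTR match idea, given as context only.

```python
import re

# The PCRE entry quoted in the thread, as a Python regex.
GENERIC_PTR_RULE = re.compile(
    r"^[\.\-]?([0-9]{1,3}[\.\-]){2,4}[\.\-]?[a-z]{4,20}"
    r"[\.\-]hfc[\.\-]comcastbusiness[\.\-](co|com|net|org)$",
    re.IGNORECASE,
)
REJECT_TEXT = ("Generic DNS-Reverse-Lookup (PTR-Rule: 435) see "
               "http://www.emailtalk.org/ptr.aspx or configure "
               "http://en.wikipedia.org/wiki/Sender_Policy_Framework")

# Constructed forward-DNS table standing in for real A lookups
# (hypothetical data: TEST-NET addresses, none of these hosts exist).
FORWARD_DNS = {
    "192-0-2-44-static.hfc.comcastbusiness.net": {"192.0.2.44"},
    "mail.example.com": {"192.0.2.10"},
    "mx.example.org": {"198.51.100.5"},
}


def ptr_is_generic(ptr):
    """True when the client's PTR name matches the generic-PTR rule."""
    return GENERIC_PTR_RULE.match(ptr) is not None


def fcrdns_ok(ip, ptr, forward_dns=FORWARD_DNS):
    """Forward-confirmed rDNS: the PTR name must resolve back to the IP.
    This is the 'A/PTR must match' check the thread mentions (Postfix's
    reject_unknown_client_hostname enforces the same idea)."""
    return ip in forward_dns.get(ptr.lower(), set())


def decide(ip, ptr, spf_pass=False, dnswl_listed=False, forward_dns=FORWARD_DNS):
    """Return (action, reason) for one connecting client.

    Order follows the thread: an SPF pass or a DNSWL listing exempts the
    client before any PTR heuristic runs, because the goal is to reject
    zombies, not mail servers. Then FCrDNS, then the generic-PTR pattern.
    """
    if spf_pass or dnswl_listed:
        return ("PERMIT", "SPF pass or DNSWL listing")
    if not fcrdns_ok(ip, ptr, forward_dns):
        return ("REJECT", "PTR name does not resolve back to client IP")
    if ptr_is_generic(ptr):
        return ("REJECT", REJECT_TEXT)
    return ("DUNNO", "no PTR objection; continue with later restrictions")


# Constructed sample of connecting clients: (ip, ptr, spf_pass, dnswl_listed).
SAMPLE_CLIENTS = [
    ("192.0.2.44", "192-0-2-44-static.hfc.comcastbusiness.net", False, False),
    ("192.0.2.44", "192-0-2-44-static.hfc.comcastbusiness.net", True, False),
    ("192.0.2.10", "mail.example.com", False, False),
    ("203.0.113.7", "mail.example.com", False, False),
]


def tally(clients=SAMPLE_CLIENTS):
    """Count decisions over a batch, the way one reviews a day's log."""
    counts = {"PERMIT": 0, "REJECT": 0, "DUNNO": 0}
    for ip, ptr, spf, wl in clients:
        counts[decide(ip, ptr, spf, wl)[0]] += 1
    return counts


if __name__ == "__main__":
    for ip, ptr, spf, wl in SAMPLE_CLIENTS:
        print(ip, ptr, decide(ip, ptr, spf, wl))
    print(tally())
```

The sample shows the point the thread turns on: the same comcastbusiness PTR is rejected when the client has nothing else going for it and permitted when SPF passes, while a PTR that does not resolve back to the connecting address is refused before the pattern is even consulted.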