Quote from li...@rhsoft.net:
> On 04.02.2015 at 22:54, Noel Jones wrote:
>> On 2/4/2015 3:12 PM, li...@rhsoft.net wrote:
>>> *sadly* that sort of incoming rule is not widespread enough, otherwise spam from infected botnet zombies would no longer exist, and frankly the rule for "IP....hfc.comcastbusiness.net" is manually written by looking at the amount of incoming junk hitting the content filter all day long, and not a single legit mail without SPF/DNSWL over months
>>>
>>> /^[\.\-]?([0-9]{1,3}[\.\-]){2,4}[\.\-]?[a-z]{4,20}[\.\-]hfc[\.\-]comcastbusiness[\.\-](co|com|net|org)$/ REJECT Generic DNS-Reverse-Lookup (PTR-Rule: 435) see http://www.emailtalk.org/ptr.aspx or configure http://en.wikipedia.org/wiki/Sender_Policy_Framework
>>>
>>> even if it is not a direct reject, *every* SpamAssassin setup on this planet gives you a penalty for such a PTR, and that may be the last piece needed for a milter reject - in that case you don't know the reasons, with the reject above you do
>>>
>>> score RDNS_DYNAMIC 2.639 0.363 1.663 0.982
>>> score NO_RDNS_DOTCOM_HELO 3.100 0.433 3.099 0.823
>>
>> Your filter is broken if it can't tell the difference between a static and dynamic PTR.
>
> your mail setup is broken if you don't care about basics like a sane PTR, and frankly even the admin before me, who did not care about many things, insisted more than 10 years ago that we never ever send out mails from a generic PTR
>
> the truth is that a xx.xx.xx.xx-static-dsl.isp.tld is not a mailserver just because it contains the word "static" - in fact most of them are ordinary office DSL lines with clients behind
You are putting too much meaning into a DNS token. There is no global rule or RFC about the interpretation of the string forming this token. I'm totally free to call my host bad-host-static-0815.example.com.
>> There are a lot of zombies in the *.comcastbusiness.* PTR space, but you throw out the baby with the bathwater. There are other ways to get rid of the zombies on static IPs without wholesale blocking. Greylisting and a couple of reliable RBLs (or postscreen) will block the vast majority of zombies without wholesale slaughter.
>
> you did not get the point:
>
> if PTRs with an IP part were rejected worldwide and ISPs blocked outgoing port 25 for home users, the business of infecting client PCs to send out malware to MX hosts would die from one day to the next
>
> * greylisting does *much* more harm, be it for large senders retrying with a different IP or sender verification on the other side for your own outgoing mail
It is true that it is more of a burden for the sender, but that is *always* the case with spam-preventing systems.
> * all the dialup RBLs are far from complete
You don't need them
> * other RBLs are way too late; if someone makes it onto them, he has already had success in sending his crap out
With greylisting the RBL has time to settle
> * there is no single reason for not having a sane PTR
I'm free to call my hosts as I like, as long as it is a valid DNS token.
> * postfix even has a setting that A/PTR need to *match*, and if someone enables that we no longer discuss the PTR part in the reverse DNS at all
This is not related at all. With a matching PTR there is some *weak* evidence that I'm the "owner" of the IP, nothing more.
>> See, even you don't block everyone with an offending PTR -- you check for valid SPF or dnswl
>
> because the intention is *not* to block mailservers; a random end-user IP is not listed in the SPF record nor on DNSWLs
We don't care about DNS names and we do not even check for a matching PTR or SPF, DNSWL and the like, and still our spam ratio reaching the inbox from random dial-ups is below 5%. The vast majority of spam comes from the famous freemailers like Yahoo, Hotmail, Google, some hacked edu accounts and the well-connected SPF/PTR-whatever clean spam centers around the world.
So no, constructing some meaning for a DNS token which is not there is not useful at all.
Regards,
Andreas