On 2021-11-12 at 06:57:14 UTC-0500 (Fri, 12 Nov 2021 12:57:14 +0100)
Togan Muftuoglu <tog...@dinamizm.com>
is rumored to have said:

"DMO" == Demi Marie Obenour <demioben...@gmail.com> writes:

DMO> On 11/11/21 10:28 AM, Bill Cole wrote:
On 2021-11-11 at 06:06:45 UTC-0500 (Thu, 11 Nov 2021 12:06:45 +0100) Togan
Muftuoglu <tog...@dinamizm.com> is rumored to have said:

Hi,

How can I reject connections from generic Forward Confirmed Reverse DNS
(FCrDNS) like “123-45-67-8.your.isp.com”?


In most cases Spamhaus is able to block it, but with the cloud
providers with FCrDNS as follows, not all of them are blocked.

123-45-67-89.ip.linodeusercontent.com

ec2-12-34-56-789.us-west-2.compute.amazonaws.com


How can I reject these connections?


DMO> Do all of the major mail service providers have valid DMARC? If so, one
DMO> approach would be to reject (or, more likely, quarantine) mail from such
DMO> hosts *unless* DMARC matches. That would require an external tool,
DMO> though.

When there is dmarc = none it doesn't work, and I would rather stop the connection request at the very beginning, meaning if your rDNS is not who you are claiming to be then sorry.

The rDNS being generic is very different from rDNS being wrong. Generic rDNS is lazy, but it's not inherently deceptive. Postfix has long had simple reject_* directives for shunning clients with no PTR record and for those with an rDNS name that doesn't resolve back to the client IP.




--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
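
The distinction drawn in the message above (no PTR, a PTR that does not resolve back, and a PTR that is confirmed but generic), as an added example that is not part of the original thread or of Postfix. The directive names in the comments are taken from the Postfix documentation rather than from the message; the DNS data is constructed and uses documentation address ranges, and the "generic" test is an assumed IPv4-only heuristic (hostname embeds the client's octets).

```python
import ipaddress
import re

# Constructed sample DNS data standing in for live lookups.
PTR = {
    "192.0.2.10": ["192-0-2-10.ip.example.net"],
    "192.0.2.20": ["mail.example.org"],
    "192.0.2.30": ["mail.example.org"],  # claims a name that points elsewhere
    "198.51.100.7": ["ec2-198-51-100-7.us-west-2.compute.example.com"],
}
FWD = {
    "192-0-2-10.ip.example.net": ["192.0.2.10"],
    "mail.example.org": ["192.0.2.20"],
    "ec2-198-51-100-7.us-west-2.compute.example.com": ["198.51.100.7"],
}


def embeds_ip(hostname, ip):
    """Heuristic: hostname contains the IPv4 octets, forward or reversed,
    joined by '-' or '.' (zero-padded or hex encodings are not handled)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    for order in (octets, octets[::-1]):
        pattern = r"(?<!\d)" + r"[-.]".join(order) + r"(?!\d)"
        if re.search(pattern, hostname.lower()):
            return True
    return False


def classify(ip, ptr=PTR, fwd=FWD):
    """Return 'no_ptr', 'unconfirmed', 'generic_fcrdns' or 'fcrdns'."""
    names = ptr.get(ip, [])
    if not names:
        # Case covered by reject_unknown_reverse_client_hostname.
        return "no_ptr"
    confirmed = [n for n in names if ip in fwd.get(n, [])]
    if not confirmed:
        # Case covered by reject_unknown_client_hostname.
        return "unconfirmed"
    if all(embeds_ip(n, ip) for n in confirmed):
        # Valid FCrDNS, but the name only restates the address.
        return "generic_fcrdns"
    return "fcrdns"


if __name__ == "__main__":
    for addr in ["192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40", "198.51.100.7"]:
        print(addr, classify(addr))
```
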
