On Thu, 03 Sep 2009, Clunk Werclick wrote: > I'm starting to see plenty of these and they are new to us: > > zgrep "address not listed" /var/log/mail.info > Sep 3 05:26:59 ....: warning: 222.252.239.56: address not listed for > hostname localhost > dig -x 222.252.239.56 > > ... > ;; QUESTION SECTION: > ;56.239.252.222.in-addr.arpa. IN PTR > > ;; ANSWER SECTION: > 56.239.252.222.in-addr.arpa. 83651 IN PTR localhost. > ... > > Taking to one side the various RBL's which are catching these, and not > going the whole 'PTR must match' route - would it be practical to craft > a 10 point rule based on PTR = localhost? Is it even possible to build a > rule based upon DNS returns? > > Forgive the stupidity of the question, but I'm not sure how to, or even > if it can be implemented?
If you reject mail that scores >= 10, then you could accomplish this before mail even gets to SA. Since you appear to be using Postfix, you could experiment with check_reverse_client_hostname_access, which is available in Postfix 2.6 and later. For a general primer on what you can (and cannot) do with respect to SA rules, the following page might be useful: http://wiki.apache.org/spamassassin/WritingRules -- Sahil Tandon <sa...@tandon.net>
