On Thu, 2009-09-03 at 23:33 +0200, mouss wrote:
> Clunk Werclick wrote:
> > On Thu, 2009-09-03 at 01:36 -0400, Sahil Tandon wrote:
> >> On Thu, 03 Sep 2009, Clunk Werclick wrote:
> >>
> >>> I'm starting to see plenty of these and they are new to us:
> >>>
> >>> zgrep "address not listed" /var/log/mail.info
> >>> Sep  3 05:26:59 ....: warning: 222.252.239.56: address not listed for
> >>> hostname localhost
> >>> dig -x 222.252.239.56
> >>>
> >>> ...
> >>> ;; QUESTION SECTION:
> >>> ;56.239.252.222.in-addr.arpa. IN PTR
> >>>
> >>> ;; ANSWER SECTION:
> >>> 56.239.252.222.in-addr.arpa. 83651 IN PTR localhost.
> >>> ...
> >>>
> >>> Taking to one side the various RBL's which are catching these, and not
> >>> going the whole 'PTR must match' route - would it be practical to craft
> >>> a 10 point rule based on PTR = localhost? Is it even possible to build a
> >>> rule based upon DNS returns?
> >>>
> >>> Forgive the stupidity of the question, but I'm not sure how to, or even
> >>> if it can be implemented?
> >> If you reject mail that scores >= 10, then you could accomplish this before
> >> mail even gets to SA.  Since you appear to be using Postfix, you could
> >> experiment with check_reverse_client_hostname_access, which is available in
> >> Postfix 2.6 and later.
> > Thank you Sahil. It's a job for Postfix (when I get around to 2.6)
> > because......
> >>   For a general primer on what you can (and cannot) do
> >> with respect to SA rules, the following page might be useful:
> >>
> >>  http://wiki.apache.org/spamassassin/WritingRules
> > .... this gives no hint to crafting rules on DNS status - which is as I
> > thought, hence the question in the first instance.
> >> --
> 
> I think I have posted something on this not too long ago on the postfix
> list.
> 
> 
> check_helo_hostname_access            hash:/etc/postfix/access_host
> check_reverse_client_hostname_access          hash:/etc/postfix/access_host
> 
> 
> == access_host:
> localhost     REJECT Bogus PTR
> localdomain   REJECT Bogus PTR
> .localdomain  REJECT Bogus PTR
> .lan          REJECT Bogus PTR
> 
> ....
> 
> 
> 
Thanks. This is the preferred mode of operation. In hindsight I would
rather reject at the MTA level before wasting any clock cycles scanning
it with Spamassassin. I just don't want it picking on all 'bent' ptr
records.
-- 
-----------------------------------------------------------
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment. 
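
Added example, not part of the original thread or of Postfix: a dry run that replays "address not listed" warnings from the mail log against the access_host table quoted above, to see which clients the rule would reject before enabling it. The log lines are constructed, and the lookup is a simplified assumption (exact key first, then dotted parent domains); the real lookup order depends on Postfix's parent_domain_matches_subdomains setting.

```python
import re

# Entries copied from the access_host table quoted in the thread.
ACCESS_HOST = {
    "localhost": "REJECT Bogus PTR",
    "localdomain": "REJECT Bogus PTR",
    ".localdomain": "REJECT Bogus PTR",
    ".lan": "REJECT Bogus PTR",
}

# Warning format as quoted in the thread's zgrep output.
WARN_RE = re.compile(r"warning: (\S+): address not listed for hostname (\S+)")

def lookup(hostname, table=ACCESS_HOST):
    """Return the table action for a PTR name, or None if nothing matches."""
    name = hostname.rstrip(".").lower()   # dig prints "localhost." with a trailing dot
    if name in table:
        return table[name]
    # Walk the parent domains with a leading dot: a.b.lan -> .b.lan -> .lan
    labels = name.split(".")
    for i in range(1, len(labels)):
        key = "." + ".".join(labels[i:])
        if key in table:
            return table[key]
    return None

def dry_run(lines, table=ACCESS_HOST):
    """Return (client_ip, ptr_name, action) for each warning line; action is
    None when the table would let the client through."""
    results = []
    for line in lines:
        m = WARN_RE.search(line)
        if m:
            ip, ptr = m.group(1), m.group(2)
            results.append((ip, ptr, lookup(ptr, table)))
    return results

# Constructed sample log lines (documentation address ranges, made-up names).
SAMPLE_LOG = [
    "Sep  3 05:26:59 mx smtpd[101]: warning: 192.0.2.10: address not listed for hostname localhost",
    "Sep  3 05:27:10 mx smtpd[102]: warning: 198.51.100.7: address not listed for hostname pc1.lan",
    "Sep  3 05:28:42 mx smtpd[103]: warning: 203.0.113.5: address not listed for hostname dsl-5.isp.example",
    "Sep  3 05:29:00 mx smtpd[104]: connect from unknown[203.0.113.9]",
]

if __name__ == "__main__":
    for ip, ptr, action in dry_run(SAMPLE_LOG):
        print(f"{ip:15} {ptr:22} {action or 'no match (accepted by this rule)'}")
```

The third sample line is a mismatched but otherwise ordinary PTR and gets no action, which is the "don't pick on all bent PTR records" behaviour asked for in the reply.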


