On 24.10.2014 at 15:12, Paul Stead wrote:
Being UK based we get a lot of email from these connections. I've just done a quick check and we get a lot of (seemingly) legit email from servers with generic BT PTRs - how widespread is rejecting email based upon generic PTR rules?
don't know how widespread, what i know is if that would be enforced more widely, 90% of spam sent from hacked customer PCs would disappear, and the combination with RBL-scoring kills most junk before SA
in the end it is safer than blocking IP ranges because everybody who gets such a reject only needs to call his ISP and order a PTR matching his hostname - the rest is still rejected
stats from the current month

Connections: 401569
Delivered: 59683
Blocked: 341886
Invalid User: 7552
Disallowed User: 2
Reject Postscreen: 299255
Reject Postfix: 15568
Reject Milter: 5883
Reject Temporary: 1686
Blacklist: 295208
Pregreet: 17672
Protocol Error: 2323
Spamfilter: 5507
Virus: 371
Helo: 664
Subject: 41
Attachment: 9
Sender Blocked: 544
Sender Invalid: 823
Sender Spoofed: 635
Sender Parked: 33
PTR Missing: 3954
PTR Generic: 864
SPF: 491

that you should take care of your PTR is common sense at least for 8 years, hence the reject message with links
for such a generic PTR you hit a lot of SA rules anyways
On 24/10/14 13:52, Reindl Harald wrote:
On 24.10.2014 at 14:34, Joe Quinn wrote:
On 10/24/2014 7:25 AM, Paul Stead wrote:

Not sure if this is a legit listing, however it's causing problems for some of my user base. I've added btconnect.com to my uridnsbl_skip_domain list

Nothing legit came up when we were spot-checking the domain, but apparently it's the public mail domain for British Telecom... Should now be fixed

their dialup-stuff has PTRs like host81-130-209-129.in-addr.btopenworld.com that's better caught with "check_reverse_client_hostname_access" because from the moment it's a legit server with a sane PTR any host can be excluded while compromised endusers still get blocked without the resource usage of a contentfilter

/^host[\.\-]?[0-9]{1,3}[\.\-][0-9]{1,3}[\.\-][0-9]{1,3}[\.\-][0-9]{1,3}[\.\-]?in[\.\-]addr[\.\-]btopenworld\.com$/ REJECT Generic DNS-Reverse-Lookup (PTR-Rule: 97) see http://www.emailtalk.org/ptr.aspx and https://www.ietf.org/rfc/rfc1912.txt
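An added example, not part of the original message: a small Python emulation of how the quoted rule behaves as one line of a Postfix pcre: access table, run over PTR names. The parser, the function names and every sample hostname except the one quoted in the message are assumptions made for this illustration.

```python
import re

# Access table holding only the rule quoted in the message above.
TABLE = r"""
# blank lines and comment lines are skipped
/^host[\.\-]?[0-9]{1,3}[\.\-][0-9]{1,3}[\.\-][0-9]{1,3}[\.\-][0-9]{1,3}[\.\-]?in[\.\-]addr[\.\-]btopenworld\.com$/ REJECT Generic DNS-Reverse-Lookup (PTR-Rule: 97) see http://www.emailtalk.org/ptr.aspx and https://www.ietf.org/rfc/rfc1912.txt
"""

def parse_table(text):
    """Parse '/pattern/flags action' lines into (compiled_regex, action) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.+?)/([a-zA-Z]*)\s+(.+)$", line)
        if not m:
            raise ValueError("unparseable rule: " + line)
        pattern, flags, action = m.groups()
        # Postfix pcre tables are case-insensitive by default; 'i' toggles that off.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action))
    return rules

def lookup(rules, ptr_name):
    """Return the action of the first matching rule, or None when nothing matches."""
    for regex, action in rules:
        if regex.search(ptr_name):
            return action
    return None

# Constructed PTR names; only the first one appears in the message.
SAMPLES = [
    "host81-130-209-129.in-addr.btopenworld.com",              # generic dial-up PTR
    "HOST81-130-209-129.IN-ADDR.BTOPENWORLD.COM",              # same name, upper case
    "mail.example.co.uk",                                      # server with its own PTR
    "smtp.btopenworld.com",                                    # hypothetical non-generic name
    "host81-130-209-129.in-addr.btopenworld.com.example.net",  # rejected by the $ anchor
]

def classify(names):
    """Map each PTR name to the table's action (None = falls through to later checks)."""
    rules = parse_table(TABLE)
    return {name: lookup(rules, name) for name in names}

if __name__ == "__main__":
    for name, action in classify(SAMPLES).items():
        print(f"{name:58} {action or 'no match'}")
```

Only names following the generic host-plus-IP scheme are rejected; a host whose PTR is set to a real hostname never matches and moves on to the remaining checks.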