{"id":4454,"date":"2017-02-12T11:48:59","date_gmt":"2017-02-12T11:48:59","guid":{"rendered":"https:\/\/really.zonky.org\/?p=4454"},"modified":"2017-02-12T11:48:59","modified_gmt":"2017-02-12T11:48:59","slug":"exim-rejecting-mail-with-no-reverse-dns","status":"publish","type":"post","link":"https:\/\/really.zonky.org\/?p=4454","title":{"rendered":"Exim: Rejecting Mail With No Reverse DNS"},"content":{"rendered":"<p>A very long time ago, I used to collect spam in order to <a href=\"http:\/\/zonky.org\/notes\/spam-report\/\">graph<\/a> how much spam a single mail server was likely to get over time, and almost as long ago, I lost interest in maintaining it. As a consequence I still get a\u00a0<em>ton<\/em> of spam every day and after a long period of procrastination I have been slowly raising defences against spam.<\/p>\n<p>This particular recipe is not really a defence against spam &#8211; it verifies that the remote server is properly DNS registered with a reverse DNS registration &#8211; in other words that the IP address it is connecting from is registered. This is a requirement for all mail servers, and as it turns out, spammers don&#8217;t care for registering their servers in the DNS.<\/p>\n<p>This ACL snippet goes into the ACL for checking the recipient or for checking the message :-<\/p>\n<pre> deny\r\n   message = Your mail server is not properly DNS registered\r\n   log_message = BLOCKED: No rDNS\r\n   condition = ${if eq{$host_lookup_failed} {1} {1}{0}}\r\n   # Check rDNS and block if not registered\r\n\r\n<\/pre>\n<p>There are three items of interest :-<\/p>\n<ol>\n<li>The <em>message<\/em> is intended to be easily read by recipients to determine what the problem is. It turns out that many people do not read NDRs, but if we get the message right at least <em>we<\/em> are doing the right thing.<\/li>\n<li>The <em>log_message<\/em> is intended to make automating log parsing easier.<\/li>\n<li>Within the condition, the <em>$host_lookup_failed<\/em> variable indicates that the reverse DNS lookup returned NXDOMAIN and not that it timed out (which would be <em>$host_lookup_deferred<\/em>).<\/li>\n<\/ol>\n<p>That&#8217;s all there is to this little piece of configuration.<\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-4306\" src=\"https:\/\/i0.wp.com\/really.zonky.org\/wp-content\/uploads\/damascus-dns.jpeg?resize=695%2C463&#038;ssl=1\" alt=\"\" width=\"695\" height=\"463\" srcset=\"https:\/\/i0.wp.com\/really.zonky.org\/wp-content\/uploads\/damascus-dns.jpeg?w=792&amp;ssl=1 792w, https:\/\/i0.wp.com\/really.zonky.org\/wp-content\/uploads\/damascus-dns.jpeg?resize=300%2C200&amp;ssl=1 300w, https:\/\/i0.wp.com\/really.zonky.org\/wp-content\/uploads\/damascus-dns.jpeg?resize=768%2C512&amp;ssl=1 768w\" sizes=\"auto, (max-width: 695px) 100vw, 695px\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A very long time ago, I used to collect spam in order to graph how much spam a single mail server was likely to get over time, and almost as long ago, I lost interest in maintaining it. As a consequence I still get a\u00a0ton of spam every day and after a long period of <a href='https:\/\/really.zonky.org\/?p=4454' class='excerpt-more'>[&#8230;]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_share_on_mastodon":"0"},"categories":[4,209,489,226],"tags":[748,934,1492,1493],"class_list":["post-4454","post","type-post","status-publish","format-standard","hentry","category-it","category-linux-it","category-security","category-working-notes","tag-dns","tag-exim","tag-mta","tag-rdns","category-4-id","category-209-id","category-489-id","category-226-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"share_on_mastodon":{"url":"","error":""},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p1f2KI-19Q","_links":{"self":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/4454","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4454"}],"version-history":[{"count":2,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/4454\/revisions"}],"predecessor-version":[{"id":4456,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/4454\/revisions\/4456"}],"wp:attachment":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4454"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4454"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4454"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}