reject mails from unresolved ip -> hostname

Is it possible to reject mail if the MTA was unable to find the corresponding hostname for the sender's IP address by using a DNS lookup?
[160 byte] By [709035] at [2007-11-25 8:28:13]
# 1
This is an interesting thread; any hint since 2002? I guess to extend the thread, I am looking for best practices on rejecting connections from spammers without having to do consuming processing on my MTA. Regards
sl-abde at 2007-7-1 14:55:03 > top of Java-index,E-Mail, Calendar, & Collaboration,Sun Java System Messaging Server...
# 2
I use the mailfromdnsverify keyword in my tcp_local channel. http://docs.sun.com/source/816-6020-10/mta_conf.htm#1011562 I also use spamassassin
jay_plesset at 2007-7-1 14:55:03
# 3

Thanks Jay.

When I look at the doc you pointed to,

I see the option "Verify that an entry in the DNS exists for the domain used on the SMTP MAIL FROM: command when set on an incoming TCP/IP channel. The MTA rejects the message if no such entry exists." which is fine, but a spammer can easily work around that.

I don't know much about SpamAssassin; we are using another product.

But I guess my main point is I would like to be able to drop an inbound connection when I suspect spam before I have to go processing the e-mail, because that's what consumes most of my MTA resources.

I thought about this when looking at my spam log: most of the spam robots are issuing straightforward SMTP connections without relaying. So can I, for instance, instruct my MTA to talk only with a valid Mail Exchanger (by making a DNS) of the IP address connecting? So the rule would be

if you are a valid MX okay, otherwise I do not talk to you - drop the connection.

sl-abde at 2007-7-1 14:55:03
# 4

If what you want is what I think you're asking for, I'd stop here.

Using any kind of DNS stuff like you're asking for opens you up to some rather nasty performance problems, especially if you have any DNS latency. It'll also reduce your normal performance far more than using any good spam preventative package.

Doing the kind of reverse DNS lookups you're talking about could add seconds to each connection . . .

jay_plesset at 2007-7-1 14:55:03
# 5

Well, DNS is a source of contention; that's why the manual urges you to have a proper DNS cache on your MTA.

What I don't understand is why a DNS call might be more expensive than spam processing?

Spam processing for large messages is not taking a couple of seconds; it can take up to a minute when launched. Text processing to compute a likelihood is time and resource consuming.

I want the MTA to pick up a connection only if it is talking to another MX and not from an ISP IP address where a spam robot is flooding me.

sl-abde at 2007-7-1 14:55:03
# 6

DNS cache isn't likely to be enough, if you're going to do a reverse lookup on each connection.

Taking a minute to do a single spam process seems excessively long. My very small system takes about 3 seconds to do both spam and virus processing, on even fairly large messages.

Of course, you can configure spam checking (the one I'm using) to only check the first few k of the message.

I don't know of a way to do exactly what you're talking about, to do an MX check. Also, an MX check is likely to have MANY false positives. For example, many ISPs use MX for inbound connections, but use a different set of servers for outbound mail, and the outbound relay boxes don't have MX. These are certainly legitimate connections. . .

jay_plesset at 2007-7-1 14:55:03
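An added example, not part of the thread and not Messaging Server configuration: a sketch of the connection-time check from the original question (reject when the client IP has no hostname), extended with forward confirmation of the PTR name, a verdict cache, and a "defer" outcome so a slow resolver never turns into a permanent reject. `PtrPolicy`, `LookupTimeout` and the fake resolvers are hypothetical names, and the sample records are constructed.

```python
import time

class LookupTimeout(Exception):
    """Resolver gave no answer in time (transient, not NXDOMAIN)."""

class PtrPolicy:
    """Hypothetical connection-time policy: IP -> PTR -> A must round-trip."""
    def __init__(self, ptr_lookup, addr_lookup, ttl=300, clock=time.monotonic):
        self.ptr_lookup = ptr_lookup    # ip -> list of names ([] means no PTR)
        self.addr_lookup = addr_lookup  # name -> list of IPs
        self.ttl, self.clock = ttl, clock
        self.cache = {}                 # ip -> (expires_at, verdict)

    def _decide(self, ip):
        try:
            for name in self.ptr_lookup(ip):
                if ip in self.addr_lookup(name):
                    return "accept"     # PTR name resolves back to the client
            return "reject"             # no PTR, or PTR not forward-confirmed
        except LookupTimeout:
            return "defer"              # answer with a 4xx, never a 5xx

    def verdict(self, ip):
        now = self.clock()
        hit = self.cache.get(ip)
        if hit and hit[0] > now:
            return hit[1]               # repeat connections cost no DNS query
        result = self._decide(ip)
        if result != "defer":           # do not cache transient failures
            self.cache[ip] = (now + self.ttl, result)
        return result

# Constructed sample records using RFC 5737 documentation addresses.
PTR = {"192.0.2.10": ["mail.example.net"], "192.0.2.20": ["spoof.example.org"]}
ADDR = {"mail.example.net": ["192.0.2.10"], "spoof.example.org": ["198.51.100.1"]}
SLOW = {"203.0.113.5"}
calls = []                              # records every PTR query actually made

def fake_ptr(ip):
    calls.append(ip)
    if ip in SLOW:
        raise LookupTimeout(ip)
    return PTR.get(ip, [])

def fake_addr(name):
    return ADDR.get(name, [])

if __name__ == "__main__":
    policy = PtrPolicy(fake_ptr, fake_addr)
    for ip in ("192.0.2.10", "192.0.2.99", "192.0.2.20", "203.0.113.5"):
        print(ip, policy.verdict(ip))
```

The check needs only a PTR record and a matching address record, not an MX record, so outbound-only relay hosts of the kind mentioned in post # 6 pass as long as their reverse DNS is set up.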