
Re: Networking -- use of two Internet connections for one server with round robin DNS -- web okay, but should I do mail this way too?



On 7/9/2011 12:00 PM, lee wrote:

> The rDNS check is very useful because it keeps out tons of SPAM without
> occupying too many resources.  It also seems to be common practice.  Do
> you have a better suggestion?

Just checking for the existence of rDNS is no longer sufficiently
effective against bot spam from infected residential hosts.  This is
because many/most? ISPs have rDNS for most of their IP addresses,
whether dynamic or static.

If you really want to put the hammer on residential bot spam, especially
IPs that send to you before Spamhaus ZEN (CBL) lists them, and that are
not listed in the various DNS dynamic block lists, then you need
something like this:

http://www.hardwarefreak.com/fqrdns.pcre

This Postfix PCRE table consists of 1600+ rDNS patterns of residential
broadband/SOHO ISPs around the world, and is extremely effective at
killing bot spam, while putting very little load on your server.  The
table and the instructions I've written are geared toward Postfix, but
the table should be usable with any MTA, with appropriate modifications,
that handles PCRE tables.  Simply have your MTA query the table for the
rDNS string.  The table is currently set up to outright reject most
matches, but for some that are more in SOHO land it does a header
prepend so SA etc can score it.

If someone wishes to modify it for use with Exim and rehost it that
would be great.

-- 
Stan
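
The difference between checking that rDNS exists and matching the rDNS string against a pattern table, as an added example (not part of the original message, and not taken from fqrdns.pcre). It emulates a first-match lookup over rules written in Postfix PCRE table syntax; the two patterns, the `isp.example` hostnames, the `X-rDNS-Class` header and the use of "unknown" to model a missing PTR record are assumptions made for illustration.

```python
import re

# Constructed sample in Postfix pcre_table syntax: /pattern/ ACTION text.
# These two patterns are illustrative only and are not taken from fqrdns.pcre.
SAMPLE_TABLE = r"""
# dynamic residential pool: reject outright
/^(\d{1,3}-){3}\d{1,3}\.dyn\.isp\.example$/  REJECT Generic dynamic rDNS, relay via your ISP
# SOHO static range: tag the message so a content filter can score it
/^static-(\d{1,3}-){3}\d{1,3}\.biz\.isp\.example$/  PREPEND X-rDNS-Class: soho-static
"""

def load_table(text):
    """Parse '/regex/ ACTION [text]' lines into (compiled, action, text) rules."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.+)/\s+(\S+)\s*(.*)$", line)
        if not m:
            raise ValueError(f"unparsable rule: {line!r}")
        # Postfix pcre tables match case-insensitively by default.
        rules.append((re.compile(m.group(1), re.IGNORECASE),
                      m.group(2).upper(), m.group(3)))
    return rules

def classify(rdns, rules):
    """Return (action, text) for a client's rDNS name; the first matching rule wins."""
    if not rdns or rdns == "unknown":   # assumption: "unknown" models a missing PTR
        return ("REJECT", "no rDNS")    # this is all a plain existence check does
    for pattern, action, text in rules:
        if pattern.search(rdns):
            return (action, text)
    return ("DUNNO", "")                # no match: later checks decide

RULES = load_table(SAMPLE_TABLE)

if __name__ == "__main__":
    # Constructed client names; the second and third pass an existence check.
    for name in ["unknown", "203-0-113-57.dyn.isp.example",
                 "static-198-51-100-9.biz.isp.example", "mail.example.org"]:
        print(f"{name:40} {classify(name, RULES)}")
```
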

