No DNS consistency checks in Debian spam filter?
The single most powerful and most efficient spam filter test is to
verify DNS consistency. Judging by the spam now swamping
these lists, Debian does not employ such a test.
In Postfix, including reject_unknown_client_hostname at an
appropriate spot in smtpd_client_restrictions does the trick.
Alternatively, us old PERL bashers iterate over all PTR records
for the IP address, and for each of those PTR records we iterate
over all the A records, and we only accept the connection if at
least one of those A records contains the connecting IP.
Unfortunately, once Debian has accepted this garbage and
forwarded it to a million victims, its much harder to block.
--Mike Bird
Reply to: