Re: No DNS consistency checks in Debian spam filter?

[Joe <joe@jretrading.com>]

Mike Bird wrote:
> On Tue January 8 2008 13:30:22 John Hasler wrote:
> > Mike Bird writes:
> > > No, I checked headers during the flood.  Debian was forwarding spam
> > > directly received from hosts with PTR records without matching A records.
> > That just means it doesn't use your favorite method (because many ISPs have
> > broken DNS).
>
> Hmm, I'm postmaster and maintainer for quite a lot of Linux mail servers,
> mostly Debian/Postfix and some Fedora/QMail.  Several years ago when we
> started enforcing consistent rDNS we'd get about one complaint per month
> related to ISPs with broken rDNS.  I don't think we had any such complaints
> in 2007.
>
> If in 2008 Debian is not enforcing rDNS consistency checks at SMTP-connect
> time then Debian is doing a poor job of blocking spam.  Worse - Debian is
> unnecessarily relaying millions of spams per day.  Once relayed, those spams
> become much harder to block.
>
> Please reconsider.

Oddly, exim4 on Debian does this by default and it is effective. Another 
thing that helps is to ask for an ident. Exim4 also does this by 
default, and doesn't require an answer but waits 30 seconds for one 
before continuing the SMTP session. Any legitimate server will happily 
wait for 30 seconds, most spammers won't, making it a cheap sanction.

Really, if I, as a one-man-band leasing one IP address from someone 
else, can organise a complementary A-PTR pair, I don't see why anyone 
charging money and calling themselves an ISP can't.