[unisog] I need help.

William D. Colburn (aka Schlake) wcolburn at nmt.edu
Thu Jul 18 20:27:15 GMT 2002


I will start by saying that I read comp.risks regularly, so I'm well
aware of the things I'm mucking with.

On Thu, Jul 18, 2002 at 04:01:38PM -0400, Valdis.Kletnieks at vt.edu wrote:
> (OK.. Time to put my e-mail geek hat on and cite chapter and verse ;)

I'm willing to forgo lots of chapter and verse if it cuts down on the
amount of HOT FREE something-or-other that shows up in my mailbox.  I will
tolerate false negatives, but I strive hard to avoid false
positives.  People get far more upset at losing mail than they do at
receiving spam.

> Hopefully on the first (2), if you get a timeout on the DNS query you do a
> tempfail (4xx) rather than a 5xx error.

No, I'm bad here.  Part of it could be my fear and loathing of HTML only
email.  I firmly believe that email should be readable by a human.  If
they are timing out (and only sending HTML), then I refuse them.

> Also, on the second (2) (should be 3?), note that there are a *NUMBER* of
> perfectly valid cases for the HELO not matching (for instance, this laptop
> always asserts the same hostname on the HELO, but if I happen to be
> DHCP'ed on wireless or dialed up from home, the PTR won't match).

I put my telephone number in my anti-spam errors, and people do call
when they get that error.  I have only had two calls on this issue.  One
is the fact that netscape always gives the wrong hostname in a HELO (it
uses the hostname of the server it is talking to, not its own).  I
solved that problem by accepting bad host names from machines inside my
domain.  People outside my domain should use their own SMTP relay to
send mail, not mine.  The other call was a valid email, coming from a
site administered by leprous monkeys who couldn't configure DNS if their
lives depended on it.  I made a special case for them.  If I had been
forced to make three or four special cases in the first week, I would
have dropped this rule, but I haven't.  The rule seems to work well in
practice.

> RFC2821 has this to say in 4.1.1.1:
> and in 4.1.4:

The RFC also says I have to accept usernames that contain the NULL
character in them, and I don't do that.

> Christian Huitema did a study a while ago, and found that only about 30%
> of the DNS namespace had correct and valid PTR entries - you might want to
> think about that when rejecting mail just because the PTR isn't valid.

I did consider this once, but I always look back through my logs to see
what my past history is.  If I don't have logs for that, then I add the
rule and make a syslog to report its frequency.  It was immediately
obvious that rejecting hosts with no reverse IP would 1) reject lots of
spam, and 2) reject far more legitimate email than spam.  The people at
Sendmail confirmed this for me, when I asked them about the possibility.

> Oh... and you might want to ask yourself what happens for smaller sites, where
> www.foo.com and mail.foo.com point at the same address - and the PTR points at
> www.foo.com or realboxname.foo.com).  Issues with CNAMEs and MX entries and
> the possibility of hosting multiple sites on one physical host make it even
> more interesting.

I have wondered about that myself, but it doesn't seem to be causing
problems that I can see, or that anyone is reporting.

> On the other hand, at least you're not blocking 'MAIL FROM:<>'.  Or if you
> are, at least being discreet about it. ;)

I have a form letter I send to people who block 'MAIL FROM: <>'.  :)

--
William Colburn, "Sysprog" <wcolburn at nmt.edu>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn
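The HELO-versus-PTR rule discussed in this exchange, written out as an added example (not code from either poster or from the nmt.edu mail system): local clients are exempted, a DNS timeout gets a 4xx tempfail by default (the behaviour suggested in the reply, switchable to the 5xx refusal described), hosts with no PTR at all are accepted but counted, and a known-bad site can be special-cased. The resolver interface, the network list, the sample addresses and the counter are all assumptions made for the example.

```python
import ipaddress
from collections import Counter
from typing import Callable, Iterable, Optional

# Counter standing in for the syslog frequency report the thread mentions.
counts = Counter()

def helo_policy(helo: str, client_ip: str, local_nets: Iterable[str], exceptions: set,
                resolve_ptr: Callable[[str], Optional[str]],
                tempfail_on_timeout: bool = True) -> tuple:
    """Decide the SMTP reply for a HELO/EHLO name presented from client_ip.
    resolve_ptr(ip) returns the PTR name, None if there is no reverse record,
    and raises TimeoutError on a lookup timeout (assumed resolver interface).
    """
    ip = ipaddress.ip_address(client_ip)
    # Clients on our own networks may present a wrong HELO (the mail-client
    # behaviour described in the thread), so they are accepted as-is.
    if any(ip in ipaddress.ip_network(net) for net in local_nets):
        return 250, "OK (local client)"
    try:
        ptr = resolve_ptr(client_ip)
    except TimeoutError:
        # 4xx lets a well-behaved sender retry; 5xx loses the mail for good.
        if tempfail_on_timeout:
            counts["dns-timeout-tempfail"] += 1
            return 450, "Reverse DNS lookup timed out, try again later"
        counts["dns-timeout-reject"] += 1
        return 550, "Reverse DNS lookup for your address timed out"
    if ptr is None:
        # No PTR at all: accept but count it, since refusing these would lose
        # far more legitimate mail than spam, as the thread observes.
        counts["no-ptr-accepted"] += 1
        return 250, "OK (no PTR)"
    helo_name = helo.lower().rstrip(".")
    if ptr.lower().rstrip(".") == helo_name:
        return 250, "OK"
    if helo_name in exceptions:
        return 250, "OK (special-cased HELO)"
    counts["helo-ptr-mismatch"] += 1
    return 550, f"HELO {helo} does not match PTR {ptr}; call POSTMASTER-PHONE-PLACEHOLDER"

# Constructed reverse-DNS table and resolver so the example runs offline.
SAMPLE_PTR = {"192.0.2.10": "mx.example.net", "192.0.2.20": None}

def sample_resolve(ip: str) -> Optional[str]:
    if ip == "192.0.2.30":
        raise TimeoutError("resolver timed out")
    return SAMPLE_PTR.get(ip)
```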