On Fri, 2012-09-07 at 17:25 +1200, Simon Lyall wrote:
On Fri, 7 Sep 2012, Steve Holdoway wrote:
As you've been very helpful in the past, can I ask the best way forward in addressing this problem.
In an attempt to reduce spam delivery to a local charity mail server, I added
FEATURE(`require_rdns')dnl
My advice is don't try to devise rules for spam blocking yourself, as you've found even a simple idea like requiring reverse DNS will have false positives. There are plenty of other "simple" solutions that will also come back to bite you [1].
Either outsource your filtering or install something like Spamassassin which comes with it's own build-in rules enabled and tuned.
[1] - "Voodoo spam filtering" is a phrase I like.
For incoming mail, I'm using services from SpamHaus - zen list in sendmail and drop list via iptables updated daily - and greylisting. I hate spamassassin with a vengeance for exactly the reason you mentioned above - creating your own rules = imperfect + job for life. However, I really don't consider RDNS to be in that category: isn't it in the RFC? Ugh I just checked: 1912 Section 2.1... 'For every IP address, there should be a matching PTR record in the in-addr.arpa domain.' should, not must. Missed that first time around. Bugger. I cannot outsource this mail due to its sensitive nature, backed up by the board's decision. This also negates the use of naughty word filters as well... Cheers, Steve -- Steve Holdoway BSc(Hons) MIITP http://www.greengecko.co.nz MSN: steve(a)greengecko.co.nz Skype: sholdowa