Qmail Support Forum Qmail Email Server Support Forums
Anderson Miranda (Guest)
Posted: Wed Jun 22, 2005 10:22 am | Post subject: Reverse DNS Checking
Hi, I know this is an old discussion, but I've got a few questions about it.
First, I would like to know how good it is to deny (5xx) the hosts for which
tcpserver was unable to do a reverse lookup. Are there many "good"
SMTP servers out there which have no properly set up reverse DNS?... I'm asking
this just because I'm afraid to keep denying "good" SMTP servers instead
of just spammers with poorly configured SMTP servers.
Actually, I'm just logging the bad reverse DNS requests to a separate
log file. My second question is how could I "flag" the messages whose
reverse DNS lookup failed?... Is that possible?...
Hope someone can help me with this thread.
Thanks in advance,
Anderson from Rio
PS: Below are all my related files to this question.
TcpRules File (/etc/tcprules.d/tcp.smtpd.cdb)
// ==========================================
127.0.0.1:allow,RBLSMTPD="",RELAYCLIENT="",MAXCONNIP="12",TARPITCOUNT="0",TARPITDELAY="3"
192.168.0.:allow,RBLSMTPD="",RELAYCLIENT="",MAXCONNIP="12",TARPITCOUNT="0",TARPITDELAY="3"
200.170.139.35:deny
200.174.142.161:deny
200.255.218.82:deny
8.4.112.100:allow,MAXCONNIP="5",TARPITCOUNT="10",TARPITDELAY="50"
=:allow,MAXCONNIP="2",TARPITCOUNT="10",TARPITDELAY="50"
:allow,MAXCONNIP="2",TARPITCOUNT="10",TARPITDELAY="50"
// ==========================================
The above file uses the "=" operator because I had an RBLSMTPD="-bad
reverse DNS" at the last line, but removed this to NOT deny the connections.
// ==========================================
#!/bin/sh
#BOF
#The "run" script for the supervisor of the qmail-smtpd:
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
MAILSERVER=`cat /var/qmail/control/me`
# tcpserver leaves TCPREMOTEHOST unset when the reverse lookup fails,
# so "test -z" selects the "bad" branch for those clients.
exec tcpserver -l "$MAILSERVER" -t15 -r -h -p -v -c"$MAXSMTPD" \
    -x /etc/tcprules.d/tcp.smtpd.cdb \
    -u"$QMAILDUID" -g"$NOFILESGID" 0 smtp \
    sh -c 'test -z "$TCPREMOTEHOST" \
        && exec /usr/bin/startsmtpd.sh bad "$MAILSERVER" \
        || exec /usr/bin/startsmtpd.sh good "$MAILSERVER"' 2>&1
#EOF
// ==========================================
#!/bin/sh
#BOF
#The "/usr/bin/startsmtpd.sh" script, used to call qmail-smtpd and log
#bad reverse DNS when needed:
LOG=/var/log/qmail/rblsmtpd/badreverse.log
# The SMTP session runs first; the logging below happens once it has ended.
rblsmtpd -b -c -r bl.spamcop.net /var/qmail/bin/qmail-smtpd "$2" \
    /home/vpopmail/bin/vchkpw /bin/true
# XXX stays empty unless the client is on the local 192.168.0.x network.
XXX=`echo "$TCPREMOTEIP" | grep '^192\.168\.0\.'`
# Plain [ ... = ... ] tests, because the script runs under /bin/sh.
if [ "x$XXX" = "x" ]; then
    if [ "x$TCPREMOTEHOST" = "x" ]; then
        TODAY=`date +"%d/%m/%Y - %A"`
        NOW=`date +"%H:%M:%S"`
        MYDATE="$TODAY $NOW"
        echo "$MYDATE - 553 bad reverse DNS!" >> "$LOG"
        echo "------Environment Vars:------" >> "$LOG"
        echo "PROTO (TCP) = $PROTO" >> "$LOG"
        echo "TCPLOCALHOST = $TCPLOCALHOST" >> "$LOG"
        echo "TCPLOCALPORT = $TCPLOCALPORT" >> "$LOG"
        echo "TCPREMOTEHOST = $TCPREMOTEHOST" >> "$LOG"
        echo "TCPREMOTEINFO = $TCPREMOTEINFO" >> "$LOG"
        echo "TCPREMOTEIP = $TCPREMOTEIP" >> "$LOG"
        echo "TCPREMOTEPORT = $TCPREMOTEPORT" >> "$LOG"
        echo "RELAYCLIENT = $RELAYCLIENT" >> "$LOG"
        echo "-----------------------------" >> "$LOG"
    fi
fi
#EOF

Maex (Guest)
Posted: Wed Jun 22, 2005 10:23 am | Post subject:
| Quote: |
First, I would like to know how good it is to deny (5xx) the hosts for which
tcpserver was unable to do a reverse lookup. Are there many "good"
SMTP servers out there which have no properly set up reverse DNS?... I'm asking
this just because I'm afraid to keep denying "good" SMTP servers instead
of just spammers with poorly configured SMTP servers.
|
Not much according to my logfiles.
If you do this for yourself or your company it may be easy to do, if
you are an ISP it depends on your contracts.
About denying "good" servers:
walks like a duck, quacks like a duck, duck roast.
It is easy to follow some basic rules to not look like a spammer. I have
no sympathy for admins being too dumb but whining around.
| Quote: |
Actually, I'm just logging the bad reverse DNS requests to a separate
log file. My second question is how could I "flag" the messages whose
reverse DNS lookup failed?... Is that possible?...
|
You could use the QMAILQUEUE patch (or netqmail-1.05) and write a small qmail-queue replacement that checks the env variable TCPREMOTEHOST and, if that is not set, echoes an X-Flag line before piping the message.
You can also write a two-line patch to qmail-smtpd.c
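
A qmail-queue replacement of the kind described in the post above, as an added example that is not part of the original thread. The header wording, the `REAL_QUEUE` variable, the function names and the install name `qmail-queue-rdns` are assumptions; skipping clients that have `RELAYCLIENT` set mirrors the local-network exclusion in the first post.

```shell
#!/bin/sh
# Added example: QMAILQUEUE wrapper that flags mail from clients without
# reverse DNS. Header text and install name are illustrative assumptions.
REAL_QUEUE="${REAL_QUEUE:-/var/qmail/bin/qmail-queue}"

# Print the flag header, or nothing when the client should not be flagged.
rdns_flag_header() {
    # Relay clients (RELAYCLIENT set, even to "") are trusted local senders.
    if [ "${RELAYCLIENT+set}" = set ]; then return 0; fi
    # tcpserver leaves TCPREMOTEHOST unset when the reverse lookup fails.
    if [ -n "${TCPREMOTEHOST:-}" ]; then return 0; fi
    # Keep only address characters so the value cannot break the header.
    ip=$(printf '%s' "${TCPREMOTEIP:-unknown}" | tr -cd '0-9A-Za-z.:')
    printf 'X-Flag: no reverse DNS for %s\n' "$ip"
}

# qmail-queue reads the message on fd 0 and the envelope on fd 1.
# Only fd 0 is rewritten; fd 1 is inherited untouched by the real program,
# and the pipeline returns the real program's exit code to qmail-smtpd.
queue_with_flag() {
    hdr=$(rdns_flag_header)
    if [ -n "$hdr" ]; then
        { printf '%s\n' "$hdr"; cat; } | "$REAL_QUEUE"
    else
        "$REAL_QUEUE"
    fi
}

# Run only when installed under the (hypothetical) name qmail-queue-rdns.
case "$0" in
    *qmail-queue-rdns) queue_with_flag; exit $? ;;
esac
```

With the QMAILQUEUE patch, the wrapper takes effect once the `QMAILQUEUE` environment variable points at the installed script, for example from the tcprules entries.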

E.V.Devarajulu (Guest)
Posted: Wed Jun 22, 2005 10:24 am | Post subject:
Hi,
Could I know how to configure qmail to write a separate log file for bad
reverse DNS entries?
Thanks & Best Regards,
E.V.Devarajulu

Maex (Guest)
Posted: Wed Jun 22, 2005 10:25 am | Post subject:
| Quote: |
Could I know how to configure qmail to write a separate log file for bad
reverse DNS entries?
|
It depends.
See http://cr.yp.to/daemontools/multilog.html and read the passage about "Selecting lines"

jms1
Joined: 19 Jul 2005 Posts: 1 Location: Orlando FL
Posted: Tue Jul 19, 2005 8:52 pm | Post subject: Re: Reverse DNS Checking
| Anderson Miranda wrote: |
First, I would like to know how good it is to deny (5xx) the hosts for which
tcpserver was unable to do a reverse lookup. Are there many "good"
SMTP servers out there which have no properly set up reverse DNS?... I'm asking
this just because I'm afraid to keep denying "good" SMTP servers instead
of just spammers with poorly configured SMTP servers.
|
it seems to be working well enough for AOL... in fact AOL is the reason that most ISPs have been flooded with calls about reverse DNS over the last few months, because they won't accept mail from an IP which doesn't have any reverse DNS information at all.
http://postmaster.info.aol.com/errors/421dnsnr.html is the URL in the error message you receive if you try. visiting this page will explain their policy.