access db: blocking entire domain

on 10.04.2008 13:56:12 by Nobody

Hello,

I'm trying to reject e-mail traffic from:

x.x.x.x.nnn.nn.nn.dynamic.163data.com.cn

In my accessdb I already have:

Connect:dynamic.163data.com.cn REJECT
Connect:.dynamic.163data.com.cn REJECT
Connect:163data.com.cn REJECT
Connect:.163data.com.cn REJECT

but it doesn't work. What gives?

Many thanks.

--
n

Re: access db: blocking entire domain [no PTR-A loop : FEATURE(`anfi/rsdnsbl')]

on 10.04.2008 15:22:18 by Andrzej Filip

nobody wrote:
> I'm trying to reject e-mail traffic from:
>
> x.x.x.x.nnn.nn.nn.dynamic.163data.com.cn
>
> In my accessdb I already have:
>
> Connect:dynamic.163data.com.cn REJECT
> Connect:.dynamic.163data.com.cn REJECT
> Connect:163data.com.cn REJECT
> Connect:.163data.com.cn REJECT
>
> but it doesn't work. What gives?

*EXPLANATION*

Sendmail uses *only* closed PTR-A loop names for access lookups.
[ IP address -("PTR" record)-> DNS name -("A" record)-> IP address ]

The names you mention (e.g. 25.202.108.125.broad.wz.zj.dynamic.163data.com.cn)
do not have "closing" "A" DNS records.

Sendmail uses such a policy because access may also return "RELAY" and
names produced by "no loops" are unreliable and easy to fake.

*FIXES*

*FIX0* To get exactly what you want would require patching
cf/m4/proto.m4 and implementing a new "connect-ptr:" prefix for names
produced by PTR records with missing A records. The lookup should ignore
RELAY/OK results.

*FIX1* To get what I think you really want you may use
FEATURE(`anfi/rsdnsbl') and FEATURE(`anfi/require_rdns') to require
a closed PTR-A loop for
* hosts in a few countries
* all hosts except a few countries
* the worse half of the Internet listed by L2.apews.org

You can use zz.countries.nerd.dk to get IP->country mappings.
The zz.countries.nerd.dk zone is available for download via rsync.

#v+
FEATURE(`anfi/countries')dnl list of country codes
dnl
dnl put standard enhdnsbl tests here
dnl
dnl ------------------------------------------------------
FEATURE(`anfi/rsdnsbl',`zz.countries.nerd.dk',`whitelist',`',
C2_US,C2_CA,C2_UK,C2_PL)dnl
dnl IP addresses in USA, Canada, UK and Poland are excluded from
dnl tests below (up to 6 countries may be listed)
dnl -------------------------------------------------------
FEATURE(`anfi/rsdnsbl')
#v-

URL(s):
* http://open-sendmail.sourceforge.net/
* http://sourceforge.net/project/showfiles.php?group_id=187085&package_id=228383
* http://groups.google.com/group/comp.mail.sendmail/msg/de49ed886ac9d1d2
From: Andrzej Adam Filip
Newsgroups: comp.mail.sendmail
Subject: FEATURE(`anfi/rsdnsbl') [2007-12-12]
Date: Wed, 12 Dec 2007 23:57:22 +0100
Message-ID:

--
[pl>en: Andrew] Andrzej Adam Filip anfi@xl.wp.pl
Open-Sendmail: http://open-sendmail.sourceforge.net/
The most happy marriage I can imagine to myself would be the union
of a deaf man to a blind woman.
-- Samuel Taylor Coleridge
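
The PTR-A loop rule explained in the reply above, as an added example that is not part of the original posts and is not sendmail's code. It is a simplified model: the DNS tables use constructed documentation-range IP addresses and one constructed host name, and the parent-domain walk in `connect_lookup` is an assumption about how the `Connect:` entries from the question would be matched.

```python
# Simplified model of the PTR-A loop check; no live DNS lookups are made.
# Constructed sample data: documentation-range IPs mapped to names.
PTR = {
    "192.0.2.25": "25.202.108.125.broad.wz.zj.dynamic.163data.com.cn",
    "198.51.100.7": "relay.dynamic.163data.com.cn",  # constructed name
}
A = {
    # The first PTR name has no A record, so its loop never closes.
    "relay.dynamic.163data.com.cn": ["198.51.100.7"],
}
ACCESS = {  # the Connect: entries from the question
    "dynamic.163data.com.cn": "REJECT",
    ".dynamic.163data.com.cn": "REJECT",
    "163data.com.cn": "REJECT",
    ".163data.com.cn": "REJECT",
}


def verified_name(ip, ptr=PTR, a=A):
    """Return the PTR name only if one of its A records points back to ip."""
    name = ptr.get(ip)
    if name is None:
        return None
    name = name.rstrip(".").lower()
    return name if ip in a.get(name, []) else None


def connect_lookup(name, access=ACCESS):
    """Try the full name, then each parent domain (with and without a dot)."""
    labels = name.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        keys = [suffix] if i == 0 else [suffix, "." + suffix]
        for key in keys:
            if key in access:
                return access[key]
    return None


def check_connection(ip):
    """Name-based entries are consulted only for a closed PTR-A loop."""
    name = verified_name(ip)
    if name is None:
        return (None, None)  # unverified name: Connect:<domain> never tried
    return (name, connect_lookup(name))
```

The entries would match the unverified name if it were looked up, which is why the rule set itself has to change (FIX0) or a closed loop has to be required (FIX1).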