On Tue, Jan 25, 2005 at 01:09:04PM +0530, Suresh Ramasubramanian wrote:
> On Mon, 24 Jan 2005 22:29:49 +0100, Markus Stumpf <maex-lists-nanog@space.net> wrote:
> > If you look at your logfiles you will notice that > 95% of all legit mailservers already have working and individual revDNS.
>
> I'll just point out that you are generalizing based on a case you see in your mailserver

I am generalizing on what I see from about 300 mailservers and about 1 million messages a day.

> I haven't got the time to gather stats from our production clusters right now but a quick grep through the last week's logs on my personal colo (lots of ISPs in India mail it, some Indian users - friends, family, large local Linux lists - on it) .. I'd say that about 40% of my legitimate email comes from IPs that don't have rDNS let alone DNAME / MTAMARK.

How did you calculate that "40% of my legitimate email"? If you get 60 emails from 60 different hosts that have revDNS and you get 40 mails from two hosts without revDNS then also "40% of your legitimate email" is coming from servers without revDNS, but in fact the percentage of servers without revDNS would be around 3.2%. Quite a difference.

> On our production boxes we get email from around the world for about 40 million users, and I just don't want to try blocking based on no reverse DNS there .. just not worth the amount of legitimate email traffic that gets filtered out.

On the mailserver for our company we had 2002 attempts to inject messages for the last 17h30m from hosts without any revDNS.
-> 30 allowed, 2 of them non spam
-> 1982 rejected (badhelo (ip or name of local mailserver), not existing recipient, relaying denied, blocked due to prior spamming)
This makes a 0.1% non-spam rate.
888 unique hosts sending spam, 2 did not, 0.23% good servers without revDNS.

yesterday: 2368 attempts from hosts without any revDNS
-> 2315 rejected
-> 53 allowed, 6 of them non spam (4 of them from the same sender)
This makes a 0.25% non-spam rate.
1044 unique hosts sending spam, 3 did not, 0.29% good servers without revDNS.

As you can see, we don't filter out "no revDNS", too. But setting MTAMARK records would give the admins of the receiving mailservers a hint as how to classify the sending IP.

\Maex

--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally proportional to the amount of vacuity between the ears of the admin"