From: Cedric Knight, GreenNet (cedric gn.apc.org)
Date: Mon Feb 11 2008 - 17:20:22 CST
Hi
I'd like to reject connections from certain spam sources, such as
residential IP blocks heavily infected by the Dorf botnet.
These sources are quite well-defined by the reverse DNS of the client,
so for example inserting into the access table

    ttnet.net.tr 554 Too much spam from this network
    dynamic.163data.com.cn 554 Too much spam from this network
    kd.ny.adsl 554 Too much spam from this network
    res.rr.com 554 Too much spam from this network

should in theory block a lot. (parent_domain_matches_subdomains includes
smtpd_access_maps, so the domains don't need to be prefixed with '.')
The problem in each case is that the forward DNS doesn't exist, isn't
always available, or doesn't match the client IP address, as shown by
the logs:

    postfix/smtpd[6278]: warning: smtpd_peer_init: 88.230.72.217: hostname dsl88.230-18649.ttnet.net.tr verification failed: Name or service not known

Postfix only looks up verified client hostnames in the access table, so
these entries are either completely useless, or less useful than hoped.
The same domains often include many different and diverse IP ranges,
and it would be difficult to find them all and add them to the access
table.
Is there some way to look up the "reverse_name" in a table, instead of
limiting it to verified hostnames?
Postfix 2.1.5 on Debian stable.
Thanks
Cedric Knight
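
The behaviour described in the message above, as an added illustration that is not part of the original post and is not Postfix code: a simplified model of forward-confirmed reverse DNS plus parent-domain matching in the access table. The function names and all DNS data are assumptions constructed for the example; only the access entries and the logged IP/hostname pair come from the message.

```python
# Simplified model (added example, not Postfix source). DNS data is constructed.
REJECT = "554 Too much spam from this network"
ACCESS = {  # access table entries quoted in the message
    "ttnet.net.tr": REJECT,
    "dynamic.163data.com.cn": REJECT,
    "kd.ny.adsl": REJECT,
    "res.rr.com": REJECT,
}
PTR = {  # constructed reverse DNS: client IP -> PTR name
    "88.230.72.217": "dsl88.230-18649.ttnet.net.tr",  # pair from the log line
    "203.0.113.5": "pool-5.res.rr.com",               # constructed
    "198.51.100.7": "host7.res.rr.com",               # constructed
    "192.0.2.10": "mail.example.org",                 # constructed
}
FORWARD = {  # constructed forward DNS: name -> addresses
    # no entry for dsl88.230-18649.ttnet.net.tr: "Name or service not known"
    "pool-5.res.rr.com": ["203.0.113.99"],  # resolves, but to another address
    "host7.res.rr.com": ["198.51.100.7"],   # forward-confirmed
    "mail.example.org": ["192.0.2.10"],     # forward-confirmed
}

def reverse_name(ip):
    """Unverified name from the PTR record alone."""
    return PTR.get(ip, "unknown")

def verified_name(ip):
    """Name is kept only if its forward lookup returns the client IP."""
    name = reverse_name(ip)
    if name != "unknown" and ip in FORWARD.get(name, []):
        return name
    return "unknown"

def access_lookup(name, table=ACCESS):
    """Try the full name, then each parent domain (no leading '.' needed)."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        key = ".".join(labels[i:])
        if key in table:
            return table[key]
    return None

def check(ip):
    """Compare a lookup keyed on the verified name with one on the reverse name."""
    return {"verified": access_lookup(verified_name(ip)),
            "reverse": access_lookup(reverse_name(ip))}

if __name__ == "__main__":
    for ip in PTR:
        print(ip, check(ip))
```

For the two clients whose forward DNS is missing or mismatched, the lookup keyed on the verified name finds nothing because the name has collapsed to "unknown", while a lookup keyed on the reverse name would hit the table entry.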