Multiple A and PTR and the "main" ones?

Noel Butler noel.butler at ausics.net
Sat Sep 12 01:38:34 UTC 2015


On 12/09/2015 00:54, David Ford wrote:
> We are also one of those services that will reject mail if DNS records
> don't line up sufficiently to a) satisfy RFC requirements for DNS and b)
> are clearly mismatched with your DNS A/MX/PTR/SPF and who you pretend to
> be in HELO/EHLO
> 
> Those two simple rules block more than 92% of incoming spam attempts.
> 
> "generics" tend to fall into that pit nearly 100% of the time. If your
> DNS can simply say in MX/SPF that you are legit, you easily avoid that pit.
> 
> Blocking the majority of spam is really easy if we simply require
> adherence to what is actually mandated in RFC and a pinch of sensible
> thinking about DNS.
> 

+1

These regex rules catch about 40% of rejects (no A/PTRs about 50% and 
RBLs 10%)

connect /.*[0-9]{1,3}\-[0-9]{1,3}\-[0-9]{1,3}\-[0-9]{1,3}\..*/ei //
connect /.*[0-9]{1,3}\-[0-9]{1,3}\-[0-9]{1,3}\-[0-9]{1,3}\-.*/ei //
connect /.*[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\..*/ei //

Don't see much IPv6 traffic, <1%, so I have plenty of time to rewrite 
them to catch them as well :)

(I did have to whitelist one local CSP who defaulted to this kinda 
"GENERATE" DNS rules for their hosts, no one there has a clue on how to 
change it, even my contact within said company told me their network 
staff are all clueless university fxxxxxxs and questions their degrees)
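
Added example, not part of the original post: the three connect patterns above run over constructed PTR names in Python, showing which generic naming style each one catches, what an IPv6-derived name slips past, and how a provider allowlist short-circuits the check. The rule labels, the `classify` function, the `allow_suffixes` parameter and the reading of the trailing `e`/`i` flags as "extended, case-insensitive" are assumptions made for illustration.

```python
import re

# The three patterns from the post, copied verbatim. Assumption: the "e" flag
# means extended syntax (Python's default) and "i" means case-insensitive.
GENERIC_PTR_RULES = [
    ("dashed-quad-dot", r".*[0-9]{1,3}\-[0-9]{1,3}\-[0-9]{1,3}\-[0-9]{1,3}\..*"),
    ("dashed-quad-dash", r".*[0-9]{1,3}\-[0-9]{1,3}\-[0-9]{1,3}\-[0-9]{1,3}\-.*"),
    ("dotted-quad-dot", r".*[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\..*"),
]
COMPILED = [(name, re.compile(rx, re.IGNORECASE)) for name, rx in GENERIC_PTR_RULES]


def classify(ptr_name, allow_suffixes=()):
    """Return the label of the first rule matching the PTR name, or None."""
    host = ptr_name.rstrip(".").lower()
    # Hypothetical allowlist, standing in for the whitelisted provider
    # mentioned in the post: exact domain or any host below it.
    if any(host == s or host.endswith("." + s) for s in allow_suffixes):
        return None
    for name, rx in COMPILED:
        if rx.search(host):
            return name
    return None


# Constructed PTR names (documentation address ranges, example domains).
SAMPLES = [
    "host-203-0-113-45.dyn.example.net",      # dashed IPv4, then a dot
    "203-0-113-45-static.example.net",        # dashed IPv4, then a dash
    "45.113.0.203.broadband.example.net",     # dotted (reversed) IPv4
    "mail.example.org",                       # ordinary mail host name
    "mail-198-51-100-7.example.org",          # real mail host, generic-looking
    "host-2001-db8-0-1--f3a.v6.example.net",  # IPv6-derived name: not caught
]

if __name__ == "__main__":
    for host in SAMPLES:
        verdict = classify(host, allow_suffixes=()) or "pass"
        print(f"{host:45} {verdict}")
```
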


