Tue Mar 11 20:20:00 PDT 2014
dominant-carrier telcos) one guess is that you are 'grandfathered' on a
service package they no longer offer at all.
Hence they *want* those still on it to cancel and upgrade. Denying a
proper RR becomes a tool in that progression, will probably be justified
on the 'obsolete package, no-such feature, end of story', grounds.
BTW: the IP address (220.127.116.11) is not in any "DNS based
blocklist" that I know of. It's not even "classified" as dynamic IP
in any of those. Moreover, there is a PTR record for it (as those who
claim to know something about RFCs could have easily checked.)
ACK - but that is part of the burden you need to get out from under.
Within a dynamic block or not, (SORBS don't list it as such...) that RR
is precisely the sort of RR that *specifies* a dynamic IP not assigned
to any one organization:
rDNS quite aside, we would catch it in three different acl's on the
'dsl' string match on my servers.
Dunno how Matt is doing it, but suspect a similar tool.
It would be nice if it was possible to configure sendmail to not
block any STARTTLS secure mail regardless of the ip or rDNS of the
That's not a good idea. Spammers can easily set up TLS.
Not a good idea 'naked' - but while RFC provides wiggle-room w/r whether
one uses TLS, an SSL tunnel, VPN, matching certs, or whatever - RFC and
BCP are quite specific that the relay-submission function (as used by
customer's MUA's) - require valid authentication.
Just for comparison, Exim's flag is tested with simply:
authenticated = *
where the right side *could* be a complex test or a lookup.
But we've already matched to a specific port AND the non-standard
protocol our user community must utilize as well as their UID:GID and
pwd match when we set that flag.
I'm sure sendmail's rule syntax is different, but trust that the same
functionality already exists.
as you web-page suggests; but to my knowledge, such configuration
of sendmail is quite non-trivial, so most people don't use it. If
you could provide some examples on the web-page where you make this
suggestion, or, better yet, include such examples in the default
configuration file, it would, IMHO, be the best approach to this
I'll take a look, thanks for the suggestion.
More information about the Kernel