- Joined
- Feb 27, 2003
- Messages
- 8,138
Hello,
I've released Easy Spam Fighter version 1.9.
This does a better job at correctly identifying the 2 types of reverse IP lookup failures.
1) Exim's check called
was actually a forward-confirmed reverse IP lookup, where it does both a reverse IP lookup AND a forwarder lookup of that rDNS, to ensure the returned A record matches the sending IP.
As this is not always going to be true, I've flipped this around to give a -10 score if it's true, rather than +100 if it fails.
New variable:
2) The more basic rDNS is now using the simple
and doesn't check the forward A lookup.
If this one fails, +100 is given, and this should drop the connection if the EASY_HIGH_SCORE_DROP is set to the default value of 100.
For efficiency, if the rDNS fails in #2, sets a variable (acl_m_no_reverse_dns), so that the FCrDNS in #1 isn't done.
#2 is run before #1.
3) Also changed, are the checks for 0 scores, so that lookups are done done at all.
- EASY_SPF_SOFT_FAIL=0 causes spf=fail and spf=softfail checks not to be run at all
- EASY_SPF_PASS=0 causes spf=pass not to be run
- EASY_NO_REVERSE_IP=0 prevents the dnsdb PTR rDNS lookup
- EASY_FORWARD_CONFIRMED_RDNS=0 prevents the forward-confirmed rDNS lookup (this is the slowest, as it needs 2 lookups, but rDNS from #2 may already be cached anyway)
John
I've released Easy Spam Fighter version 1.9.
This does a better job at correctly identifying the 2 types of reverse IP lookup failures.
1) Exim's check called
Code:
verify = reverse_host_lookupAs this is not always going to be true, I've flipped this around to give a -10 score if it's true, rather than +100 if it fails.
New variable:
Code:
EASY_FORWARD_CONFIRMED_RDNS = -10
Code:
dnsdb{ptr=$sender_host_address}If this one fails, +100 is given, and this should drop the connection if the EASY_HIGH_SCORE_DROP is set to the default value of 100.
For efficiency, if the rDNS fails in #2, sets a variable (acl_m_no_reverse_dns), so that the FCrDNS in #1 isn't done.
#2 is run before #1.
3) Also changed, are the checks for 0 scores, so that lookups are done done at all.
- EASY_SPF_SOFT_FAIL=0 causes spf=fail and spf=softfail checks not to be run at all
- EASY_SPF_PASS=0 causes spf=pass not to be run
- EASY_NO_REVERSE_IP=0 prevents the dnsdb PTR rDNS lookup
- EASY_FORWARD_CONFIRMED_RDNS=0 prevents the forward-confirmed rDNS lookup (this is the slowest, as it needs 2 lookups, but rDNS from #2 may already be cached anyway)
John