From owner-freebsd-chat Thu Nov 27 22:18:17 1997
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.7/8.8.7) id WAA23331 for chat-outgoing; Thu, 27 Nov 1997 22:18:17 -0800 (PST) (envelope-from owner-freebsd-chat@FreeBSD.ORG)
Received: from freebie.lemis.com (gregl1.lnk.telstra.net [139.130.136.133]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id WAA23326; Thu, 27 Nov 1997 22:18:10 -0800 (PST) (envelope-from grog@freebie.lemis.com)
Received: (from grog@localhost) by freebie.lemis.com (8.8.8/8.8.5) id QAA11757; Fri, 28 Nov 1997 16:47:59 +1030 (CST)
Message-ID: <19971128164758.02274@lemis.com>
Date: Fri, 28 Nov 1997 16:47:58 +1030
From: Greg Lehey
To: joelh@gnu.org
Cc: jkh@time.cdrom.com, jmb@FreeBSD.ORG, chat@hub.freebsd.org
Subject: Re: major push by spammers?
References: <18154.880528164@time.cdrom.com> <199711280604.AAA00737@detlev.UUCP>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.84e
In-Reply-To: <199711280604.AAA00737@detlev.UUCP>; from Joel Ray Holveck on Fri, Nov 28, 1997 at 12:04:04AM -0600
Organisation: LEMIS, PO Box 460, Echunga SA 5153, Australia
Phone: +61-8-8388-8286
Fax: +61-8-8388-8725
Mobile: +61-41-739-7062
WWW-Home-Page: http://www.lemis.com/~grog
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Nov 28, 1997 at 12:04:04AM -0600, Joel Ray Holveck wrote:
>
>> 2 ways: The first, if reverse DNS lookup fails, accounts for about 90%
>> of the rejects. When I first started doing this, I worried that
>> perhaps I was rejecting some legit emails so for the first couple of
>> weeks I'd do one day on, one day off. In 14 days worth of testing, I
>> got one "legitimate" message (though it was unanswerable due to said
>> misconfiguration, so I could have done without it :) and many many
>> hundreds of spams on the days that I had reverse DNS checking
>> disabled. Needless to say, I can't even imagine not having it on now.
>
> Now tell me, how does the reverse DNS lookup work? Does it perform a
> reverse DNS against the IP source vs. the line sent in EHLO, or what?

A reverse lookup takes the IP address and looks through the BIND
hierarchy for a corresponding PTR record (more specifically, for
address 192.109.197.137, it will look for a PTR record which matches
137.197.109.192.in-addr.arpa). A lot of systems don't have their
reverse delegation set up correctly, so I suspect a number of innocent
people are also being rejected.

Greg
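
The lookup described in the reply above, as an added example that is not part of the original message: it builds the PTR query name for a connecting address and applies the reject-if-no-PTR policy from the thread. The PTR table, the host name mail.example.org, the address 192.0.2.25 and all function names are constructed for illustration, and the IPv6 branch goes beyond the IPv4 case in the message.

```python
import ipaddress

# Constructed PTR data standing in for the DNS (assumption for this example).
# 192.109.197.137 is the address from the message; the host name is made up.
SAMPLE_PTR = {"137.197.109.192.in-addr.arpa": "mail.example.org"}


def reverse_name(addr):
    """Return the name whose PTR record a reverse lookup of addr asks for."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    if ip.version == 4:
        # IPv4: the four octets in reverse order, under in-addr.arpa.
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa"
    # IPv6: the 32 hex nibbles in reverse order, under ip6.arpa.
    nibbles = ip.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def check_client(addr, ptr_records=SAMPLE_PTR):
    """Apply the reject-if-no-PTR policy to one connecting address."""
    name = reverse_name(addr)
    host = ptr_records.get(name)
    return {
        "client": addr,
        "query": name,
        "ptr": host,
        "action": "accept" if host else "reject",
    }


def rejected(addrs, ptr_records=SAMPLE_PTR):
    """Return the addresses the policy would turn away.

    A missing PTR record looks the same whether the sender is a spammer or
    a legitimate host whose reverse delegation is broken, so this list is
    what to review before enforcing the policy.
    """
    return [a for a in addrs if check_client(a, ptr_records)["action"] == "reject"]


if __name__ == "__main__":
    # Constructed connection list: one address with a PTR record, one without.
    for client in ["192.109.197.137", "192.0.2.25"]:
        print(check_client(client))
```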