
On Wed, 16 Aug 2017 08:40:03 -0400 Myles Braithwaite 👾 <me@mylesb.ca> wrote:
> ac via talk wrote:
>> 1. Bounce when no rDNS (exim/postfix/sendmail/qmail - 2 second conf)
>
> Sometimes people don't have access to configure Reverse DNS (or PTR) as they are sending with a dynamic IP address. This isn't common but at least for GTALUG there are five or six people who host their email from their home on dynamic IP addresses.

I did not say the reverse must match the forward. But the vast majority of email servers are dropping if no reverse zone, as hijacked IP ranges do not have reverse zones. Dynamic IP numbers from your ISP usually/mostly have reverse zones. But to operate a real email server you will need a fixed IP number anyway for your own sanity.

So, if you do not want spam - drop if no reverse zone (rule 1) :)

>> 2. Use 10+ dnsbl with properly configured SpamAssassin (cache locally) - with 2 (or more, or less) points per dnsbl listing (five minutes copy & paste for exim/postfix) -> dnsbl from here: http://multirbl.valli.org/
>
> I stopped using SpamAssassin a while ago. I now use Rspamd, Rmilter, and OpenDMARC. I found SpamAssassin was letting in way too much spam and required way too much knowledge to run properly.

Which is why you use 10+ (If you do not want spam)

If anyone applies the 6 rules - Spam is dead :)

I have now worked with email for 30? years... and in that time I have seen that domains do not have the same spam, so there is no magic single rbl, and spam trends change all the time. For new clients I always look up the spam their domains get on around 300 International Blacklists, then build a short list of 15-20 and then measure effectiveness of those against their incoming. These days it always works and spam is actually dead.

Okay, well you still get the occasional manually sent spam from a public email account by some opportunist, but I mean that the senseless junk is all gone...

Andre
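
The two rules discussed in this message (drop when there is no reverse zone, then add 2 points per DNSBL listing), sketched as an added example that is not part of the original message or any MTA's own code. The zone names are placeholders, the 5.0 tagging threshold is an assumption, and the resolver functions are injectable so the constructed sample data can stand in for DNS.

```python
import ipaddress
import socket

# Placeholder zone names (assumption); pick real ones from a multi-RBL survey.
DNSBL_ZONES = ["bl-one.example", "bl-two.example", "bl-three.example"]
POINTS_PER_LISTING = 2.0   # "2 points per dnsbl listing", as in the thread
SPAM_SCORE = 5.0           # assumed tagging threshold

def dnsbl_query_name(ip, zone):
    """Reversed octets (IPv4) or nibbles (IPv6) prepended to the DNSBL zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer.rsplit(".", 2)[0]
    return f"{rev}.{zone}"

def system_has_ptr(ip):
    """True if the address has a PTR record. Lookup errors count as 'no PTR'
    here; a production MTA defers (4xx) on temporary DNS failure instead."""
    try:
        socket.gethostbyaddr(ip)
        return True
    except OSError:
        return False

def system_is_listed(name):
    """DNSBLs answer listed entries with an address in 127.0.0.0/8."""
    try:
        return socket.gethostbyname(name).startswith("127.")
    except OSError:
        return False

def evaluate(ip, has_ptr=system_has_ptr, is_listed=system_is_listed):
    """Return (verdict, score, hits) for a connecting client address."""
    if not has_ptr(ip):                       # rule 1: no reverse zone
        return ("reject", 0.0, [])
    hits = [z for z in DNSBL_ZONES if is_listed(dnsbl_query_name(ip, z))]
    score = POINTS_PER_LISTING * len(hits)    # rule 2: additive scoring
    return ("spam" if score >= SPAM_SCORE else "accept", score, hits)

# Constructed sample data (documentation address ranges) standing in for DNS.
SAMPLE_PTR = {"192.0.2.10", "198.51.100.7"}
SAMPLE_LISTED = {"10.2.0.192.bl-one.example"} | {
    f"7.100.51.198.{z}" for z in DNSBL_ZONES}

def demo(ip):
    return evaluate(ip, SAMPLE_PTR.__contains__, SAMPLE_LISTED.__contains__)

if __name__ == "__main__":
    for ip in ("203.0.113.5", "192.0.2.10", "198.51.100.7"):
        print(ip, demo(ip))
```

A single listing (2 points) stays under the threshold, which is why the scoring approach depends on consulting several lists rather than trusting one.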