[Pymilter] My own version of the bms.py milter

Tony Nelson tonynelson at georgeanelson.com
Thu Dec 22 14:39:10 EST 2016 

On 16-12-22 12:42:09, Stuart D. Gathman wrote:
> On Thu, 22 Dec 2016, Stuart D. Gathman wrote:
> 
>> On Wed, 21 Dec 2016, Stuart D. Gathman wrote:
>> 
>> ... some stuff about Tony's work
>> 
> 
> Also, an IP is not "dynamic" for email purposes if it has a valid
> HELO (i.e. looking up the alleged hostname matches the connect IP).
> Many ISPs will not (or the process is inordinately expensive timewise)
> assign rDNS for small static IP allocations, even for business  
> accounts.

The ISPs I know have automated the process.  It doesn't seem to be
business class if the ISP doesn't provide for proper site configuration.
I understand that it won't be provided for home users.

I never accept mail from connections with no rDNS.  That can happen
for transient failures, so I TEMPFAIL it for a while and then REJECT
a message (if they can actually send one) so a legitimate user can
find out.

> The whole point of HELO is to provide a verifiable hostname for  
> exactly
> this situation.

Many spammers now have domain names for their bots and stolen VPSs.

If the rDNS seems dynamic but the HELO verifies, I greylist the
message (by message-id, so TBTF can also send email).  Some spammers
actually handle that (but many do it badly, trying 3 times in close
succession -- even in the same connection).  Real mailservers use
exponential back-off, and slide into the "acceptable" time window.
At least in my limited experience over the past 9 years, this has
been the case and does not reject real mail.

My greylisting had been delaying mail from your site, as the auto-
whitelist didn't handle changing the sender ("-bounces") or removing
SRS without using SRS.  My attempts to handle that while tired
resulted in those tracebacks.  It may be working now.

At least I assume SRS tries to remove SRS it didn't generate, but I
didn't follow the code all the way.  The "spec" for SRS at
<http://www.libsrs2.org/srs/srs.pdf> notes that SRS0 is "opaque",
meaning that there were multiple forms in the wild, and I can only
remove the "standard" one.  Yours is the only site I've gotten SRS
from, so I didn't have experience with it.

-- 
____________________________________________________________________
TonyN.:'                       <mailto:tonynelson at georgeanelson.com>
       '                              <http://www.georgeanelson.com/>

More information about the Pymilter mailing list