rejecting mail connection with exim when no rDNS

[nagyosha]

Hi all
i'm finding lots of spam getting thru on my server . even more getting stopped so i'm half way there.

i also have configserver mailscanner setup ..

nearly all the main spam now that gets thru has no reverse DNS by the looks of it. or at least that is what i see in mailwatch.
so i'd like to refuse connections to exim for inbound mail if there is no reverse dns for the sender it as that seems like it could reduce server load also..
i'd considered just loading the score a bit more in mailscanner for this however as far as the spammers are concerned it has been delivered as they do not see it not getting delivered.

therefor the most useful way to combat it would be just to refuse there connection at the start.
i've read on an article suggestign i add the below to exim (http://www.pasztor.at/2013/01/07/filtering-spam-with-exim-only/)
rules in the RCPT ACL.

drop message   = Client Policy Restriction: No (consistent) reverse DNS set.
     condition = ${if !def:sender_host_name}
drop message   = Client Policy Restriction: No (consistent) reverse DNS set.
     condition = ${if isip{$sender_host_name} {yes}{no}}
drop message   = Client Policy Restriction: No (consistent) reverse DNS set.
     condition = ${if eq{$sender_host_name}{} {yes}{no}}
drop message   = Client Policy Restriction: No (consistent) reverse DNS set.
     !verify   = reverse_host_lookup

this will according to the article refuse there connection .
I'm not to sure where to add this though ..
looked in Service Configuration » Exim Configuration Manager
and then advanced .. but seeking advice as do not want to break anything lol

 

[nagyosha]

i've also read on this thread http://forums.cpanel.net/f5/blocking-unknown-unresolved-ips-35737.html
that its easier than the code above .. but does it do the same thing and still not sure where to add it in exim

require verify = reverse_host_lookup
         message = Your mail server IP address ($sender_host_address) has no reverse DNS PTR

 

[cPanelMichael]

Hello

You are welcome to try either solution and let us know the outcome. Another thread you may also find useful is:

Reverse DNS Lookup

Thank you.

 

[smileybri]

I know this is old, but when I tried to do this it resulted in outgoing message errors. Users using Outlook or some other SMTP client tarted getting "550 Administrative prohibition" errors that stopped as soon as I disabled the added ACL as in the link above.

Is there a new way to reject mail from servers with invalid PTR that will not cause such an issue, or do I have to change some other option in order to use this ACL?

Currently I am using SpamAssassin to give a high score to this rule but SA is processing an extremely high number of messages that match this rule and this is incredibly inefficient.

Any help is appreciated. Thank you.

 

[cPanelMichael]

Is there a new way to reject mail from servers with invalid PTR that will not cause such an issue, or do I have to change some other option in order to use this ACL?

Hello

Please let us know if the following thread helps:

https://forums.cpanel.net/threads/reverse-dns-lookup.421161/

Thank you.

 

[asmithjr]

I opened Exim Configuration Manager then the Advanced Tab. Locate custom_begin_recp_verify then copy and pasted the like in that text area. Upon viewing my exim.conf file I see the content in the file in the #BEGIN ACL_RECP_VERIFY_BLOCK section of the file.

I am not aware of any trouble as I just tried this but I have sent test emails to accounts on the server and they delivered.

 

[eugenevdm.host]

I know this is old, but when I tried to do this it resulted in outgoing message errors. Users using Outlook or some other SMTP client tarted getting "550 Administrative prohibition" errors that stopped as soon as I disabled the added ACL as in the link above.

Yep I just thought I'm going to get rid of 100s of SMTP connections from spammers who don't have reverse set up properly, but in the process I blocked many users from accessing our system. So in my opinion do not use that setting because not all commercial ISPs have reverse on the consumer lines.