no rDNS and RDNS_NONE (Was: New free blacklist: BRBL - Barracuda Reputation Block List)

[mouss <mo...@netoyen.net>]

Justin Mason wrote:
 >[snip]
 >
 > In fairness -- if you drop mail with no rDNS, you are dropping 3.6% of
 > legit email in general, going by the test results for our RDNS_NONE
 > rule... ;)

It just came to my mind that RDNS_NONE does not mean the client does not 
have a reverse DNS, be it confirmed or just a PTR.

RDNS_NONE uses the rdns field determined from the Received headers, but
- some MTAs do not do rDNS lookup
- there may be a temp fail
- there may be a mismatch (PTR exists but doesn't resolve back to IP)

so the 3.6% include more than IPs without a (valid) PTR.

It would be interesting to get stats for each category, but this 
requires doing the lookup in SA. which brings us back to an old request: 
add the possibility to lookup rDNS in SA. Are there any caveats in 
adding this? I am thinking of something like

resolve_ip (0|1|2)
where 1 means a PTR lookup only, and 2 a "double" lookup ("FcrDNS"), and 
the lookup is only done on the most external relay?