[Gllug] E-Mail screening and reverse DNS
Paul Cupis
paul at cupis.co.uk
Tue Jun 13 07:49:33 UTC 2006
Nix wrote:
> On Sun, 11 Jun 2006, Paul Cupis spake:
>> Nix wrote:
>>> Why should it need to do that? Sites rejecting SMTP connections
>>> where forward != reverse DNS (as opposed to those where forward and
>>> reverse do not resolve to the same IP) will reject a very large
>>> proportion of legitimate mail, including mail from many *major*
>>> mailing lists.
>> "Reverse doesn't resolve to the same IP" ?
>
> Badly phrased on my part, perhaps, but:
>
> nix at hades 951 /home/nix% host -t mx esperi.org.uk
> esperi.org.uk mail is handled by 5 mail.esperi.org.uk.
> [...]
>
> nix at hades 953 /home/nix% host mail.esperi.org.uk
> mail.esperi.org.uk has address 194.247.41.52 <----
>
> nix at hades 955 /home/nix% host 194.247.41.52
> 52.41.247.194.in-addr.arpa domain name pointer 41-052.adsl.zetnet.co.uk.
>
> nix at hades 956 /home/nix% host 41-052.adsl.zetnet.co.uk.
> 41-052.adsl.zetnet.co.uk has address 194.247.41.52 <----
>
> The fact that the reverse resolution of my MX record yields a name
> different from that on the MX record is irrelevant (it had better be:
> that machine has half a dozen names in addition to the nasty automatic
> reverse-resolution-only one Zetnet assigned).
I agree.
> What matters is those two arrowed lines: the name acquired from
> reverse-resolution of my IP address forward-resolves to the same
> address in its turn
I think you have 'arrowed' the wrong two lines (well I think one of them
is wrong), but yes, I agree that as long as the IP address has a PTR and
a matching A record, then it is fine (i.e. the original A record to find
the IP is not that important).
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list