Background: last month we enabled the feature on sendmail to do a reverse look-up of the name and verify the IP address before accepting an email for delivery: FEATURE(`require_rdns')dnl. I know this breaks the RFC, but given all the spam this actually helps weed out a few.

Received a call from purchasing today that (all of a sudden) one of our vendors is no longer able to send us email. Checking the mail log I get:

    Oct 28 05:30:48 smtp sendmail[9092]: r9SCUmtY009092: ruleset=check_rcpt, arg1=<rwe...@inksystems.com>, relay=[198.173.12.21], reject=550 5.7.1 <rwe...@inksystems.com>... Fix reverse DNS for 198.173.12.21
    Oct 28 05:30:49 smtp sendmail[9092]: r9SCUmtY009092: from=<prvs=1013b1b09b=h...@apollocolors.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[198.173.12.21]

Now normally the second line should end with relay=mailgw.apollocolors.com. [198.173.12.21] (not just the IP in brackets). However, we implemented the rule over a month ago, and all of a sudden as of yesterday this stopped working??

Question: When I dig the MX record I get mailgw.apollocolors.com.

    prompt> dig apollocolors.com MX

    ; <<>> DiG 9.8.4-P1-RedHat-9.8.4-3.P1.fc16 <<>> apollocolors.com MX
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50104
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5

    ;; QUESTION SECTION:
    ;apollocolors.com.              IN      MX

    ;; ANSWER SECTION:
    apollocolors.com.       3085    IN      MX      10 mailgw.apollocolors.com.

    ;; AUTHORITY SECTION:
    apollocolors.com.       3332    IN      NS      ns3.e2services.net.
    apollocolors.com.       3332    IN      NS      ns4.e2services.net.
    apollocolors.com.       3332    IN      NS      ns2.e2services.net.
    apollocolors.com.       3332    IN      NS      ns1.e2services.net.

    ;; ADDITIONAL SECTION:
    mailgw.apollocolors.com. 3085   IN      A       198.173.12.21
    ns1.e2services.net.     3079    IN      A       216.35.163.10
    ns2.e2services.net.     3079    IN      A       216.35.163.11
    ns3.e2services.net.     3079    IN      A       64.14.233.10
    ns4.e2services.net.     3079    IN      A       64.14.233.11

    ;; Query time: 1 msec
    ;; SERVER: 12.238.189.39#53(12.238.189.39)
    ;; WHEN: Mon Oct 28 12:53:35 2013
    ;; MSG SIZE  rcvd: 223

When I look up the reverse at my recursive server I get:

    prompt> dig -x 198.173.12.21

    ; <<>> DiG 9.8.4-P1-RedHat-9.8.4-3.P1.fc16 <<>> -x 198.173.12.21
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33959
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

    ;; QUESTION SECTION:
    ;21.12.173.198.in-addr.arpa.    IN      PTR

    ;; ANSWER SECTION:
    21.12.173.198.in-addr.arpa. 8428 IN     PTR     mailgw.apollocolors.com.

    ;; AUTHORITY SECTION:
    12.173.198.in-addr.arpa. 40828  IN      NS      auth2.dns.cogentco.com.
    12.173.198.in-addr.arpa. 40828  IN      NS      auth5.dns.cogentco.com.
    12.173.198.in-addr.arpa. 40828  IN      NS      auth4.dns.cogentco.com.
    12.173.198.in-addr.arpa. 40828  IN      NS      auth1.dns.cogentco.com.

    ;; ADDITIONAL SECTION:
    auth1.dns.cogentco.com. 16531   IN      AAAA    2001:550:1:a::d
    auth2.dns.cogentco.com. 30846   IN      AAAA    2001:550:1:b::d
    auth4.dns.cogentco.com. 30846   IN      AAAA    2001:978:1:a::d
    auth5.dns.cogentco.com. 30846   IN      AAAA    2001:978:1:b::d

    ;; Query time: 1 msec
    ;; SERVER: 12.238.189.39#53(12.238.189.39)
    ;; WHEN: Mon Oct 28 12:55:16 2013
    ;; MSG SIZE  rcvd: 286

However, and here is the rub, when I do the same reverse look-up at any of their servers I get a list of root servers back. Shouldn't I be getting the IP address pointer back? Also, according to IntoDNS, two of their servers are misconfigured or non-existent. Here is what I get instead:

    prompt> dig @216.35.163.10 -x 198.173.12.21

    ; <<>> DiG 9.8.4-P1-RedHat-9.8.4-3.P1.fc16 <<>> @216.35.163.10 -x 198.173.12.21
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29478
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 3
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;21.12.173.198.in-addr.arpa.    IN      PTR

    ;; AUTHORITY SECTION:
    .                       3600    IN      NS      j.root-servers.net.
    .                       3600    IN      NS      l.root-servers.net.
    .                       3600    IN      NS      i.root-servers.net.
    .                       3600    IN      NS      m.root-servers.net.
    .                       3600    IN      NS      a.root-servers.net.
    .                       3600    IN      NS      b.root-servers.net.
    .                       3600    IN      NS      c.root-servers.net.
    .                       3600    IN      NS      d.root-servers.net.
    .                       3600    IN      NS      e.root-servers.net.
    .                       3600    IN      NS      f.root-servers.net.
    .                       3600    IN      NS      g.root-servers.net.
    .                       3600    IN      NS      h.root-servers.net.
    .                       3600    IN      NS      k.root-servers.net.

    ;; ADDITIONAL SECTION:
    j.root-servers.net.     3600    IN      A       192.58.128.30
    l.root-servers.net.     3600    IN      A       199.7.83.42
    i.root-servers.net.     3600    IN      A       192.36.148.17

    ;; Query time: 59 msec
    ;; SERVER: 216.35.163.10#53(216.35.163.10)
    ;; WHEN: Mon Oct 28 13:00:29 2013
    ;; MSG SIZE  rcvd: 507

Am I missing something or is their DNS misconfigured? Any help is greatly appreciated. Want to verify they have a misconfiguration before letting the admin know.
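
Added example, not part of the original post: a small Python log triage that lists which relay IPs the require_rdns check is rejecting and which envelope sender domains are affected, by joining the reject line and the from= line on the queue id. It assumes the log line shape shown in the post; the sample lines, addresses and domains below are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same shape as the log excerpt in the post
# (documentation addresses and example domains, not real traffic).
SAMPLE_LOG = """\
Oct 28 05:30:48 smtp sendmail[9092]: r9SCUmtY009092: ruleset=check_rcpt, arg1=<buyer@example.org>, relay=[192.0.2.21], reject=550 5.7.1 <buyer@example.org>... Fix reverse DNS for 192.0.2.21
Oct 28 05:30:49 smtp sendmail[9092]: r9SCUmtY009092: from=<prvs=0123456789=sales@vendor.example>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[192.0.2.21]
Oct 28 05:31:10 smtp sendmail[9100]: r9SCVAbc009100: from=<news@good.example>, size=2048, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.good.example. [198.51.100.7]
Oct 28 05:32:02 smtp sendmail[9111]: r9SCW2de009111: ruleset=check_rcpt, arg1=<buyer@example.org>, relay=[203.0.113.9], reject=550 5.7.1 <buyer@example.org>... Fix reverse DNS for 203.0.113.9
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<body>.*)$")
REJECT = re.compile(r"ruleset=check_rcpt,.*reject=550 5\.7\.1 .*Fix reverse DNS for (?P<ip>[0-9a-fA-F.:]+)")
FROM = re.compile(r"from=<(?P<sender>[^>]*)>")

def sender_domain(addr):
    """Return the domain of an envelope sender (prvs= tagged addresses included)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else "(unknown)"

def rdns_rejections(log_text):
    """Map relay IP -> {"count": rejected RCPTs, "senders": envelope sender domains}."""
    rejected = {}   # queue id -> relay IP rejected by the reverse DNS check
    senders = {}    # queue id -> envelope sender domain
    report = defaultdict(lambda: {"count": 0, "senders": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, body = m.group("qid"), m.group("body")
        rej = REJECT.search(body)
        if rej:
            rejected[qid] = rej.group("ip")
            report[rej.group("ip")]["count"] += 1
        frm = FROM.match(body)   # anchored at the start, so arg1=<...> is never taken for a sender
        if frm:
            senders[qid] = sender_domain(frm.group("sender"))
    # The from= line is logged after the reject, so join on queue id at the end.
    for qid, ip in rejected.items():
        report[ip]["senders"].add(senders.get(qid, "(unknown)"))
    return dict(report)

if __name__ == "__main__":
    for ip, info in sorted(rdns_rejections(SAMPLE_LOG).items()):
        print(f"{ip}: {info['count']} rejected, senders={sorted(info['senders'])}")
```

Run against the real mail log, the relay IPs it reports are the ones to check with dig -x before contacting the sending site's admin.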