> -----Original Message-----
> From: Gordon Messmer
> Sent: Friday, September 12, 2008 6:46 PM

> Malcolm Weir wrote:
> > 
> > No-one else seems to care that the valid RDNS maps to a name that's
> > different from the DNS entry, because the server(s) behind that address
> > handle traffic for multiple domains, anyway.
> 
> Somewhat aside: I don't know where you get the idea that this 
> problem is related to the reverse and forward lookups not 
> matching.  In fact, that will virtually never happen the way 
> that you suggest.  Systems like tcp_wrappers and ssh do a 
> reverse lookup first and then look up the name that's 
> returned to verify that those two match.

It seemed a reasonable conclusion because the guy was complaining about
having an "incorrectly set" RDNS, when that's manifestly not the case.

> The plugin in use verifies that the IP of the connecting 
> system has a reverse entry, that the entry doesn't contain 
> the IP address (as is common on consumer lines), and that it 
> doesn't specifically mention consumer grade connection 
> technology (aka "dialup", even when it's not).
> Many sites block such connections because the amount of
> legitimate mail from such connections is dwarfed by the 
> amount of spam and viruses that come from hacked Windows PCs 
> on consumer lines.  I stick with RBLs, personally, but I 
> don't think that contacting your provider and asking for a 
> reverse DNS entry of your own is too high a bar to meet.

Indeed.  Asking isn't too high a bar.  However, as it happens, the vendorS
(there are two involved here) have declined.  They observed that there's no
meaning to the reverse DNS, and (as I have pointed out) these days forward
and reverse DNS frequently don't match anyway.  Futzing with managing
reverse DNS creates a cost to the vendors, and they validly point out that
the cost is disproportionate to the minuscule benefit.

As I said, no-one else seems to care.  And while it was, once, a valid
assessment that "consumer grade" circuits (not that that has any real meaning
beyond "circuits frequently used by consumers") may have been the connection
of choice for "home users", and they were a source of a disproportionate
amount of trouble, now the conclusion that "consumer grade" = "home user" is
bogus.  In fact, a significant proportion of the small businesses and SOHOs
these days use "consumer grade" technology because it is ubiquitous, offers
basically the same practical levels of service as "business grade" stuff,
and it is much, much cheaper to install and run.

Times change.  The idea that you can spot a home user by the type of reverse
DNS is just one of the ideas that is obsolete...

The irony, to me, is that the only reason I noticed this is that the guy
asked for help; his settings prevented a direct reply.  Not a _lot_ of skin
off my nose, but given the type of "problem" he was having, I figured it
worth mentioning...

Malc.
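
The three reverse-DNS checks described in the quoted text above (an entry exists, it does not embed the IP address, it does not name consumer connection technology), sketched as an added example that is not part of the original thread and is not the Courier plugin's code. The function names, the keyword list and the sample PTR names are assumptions constructed for illustration; the PTR is passed in rather than resolved, so no forward-confirmation lookup is performed.

```python
import ipaddress
import re

# Assumed keyword list (hypothetical; the real plugin's list is not shown on the page).
CONSUMER_TOKENS = frozenset(
    {"dialup", "dial", "dsl", "adsl", "cable", "dhcp", "dynamic", "dyn", "pool", "ppp"}
)

def ip_encodings(ip):
    """Common ways an IPv4 address is embedded in a generic PTR name."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    forms = set()
    for seq in (octets, octets[::-1]):               # forward and in-addr.arpa order
        for sep in (".", "-", "_"):
            forms.add(sep.join(seq))
        forms.add("".join(o.zfill(3) for o in seq))  # zero-padded, e.g. 198051100023
    forms.add("".join(f"{int(o):02x}" for o in octets))  # hex, e.g. c6336417
    return forms

def check_ptr(ip, ptr):
    """Return the reasons this PTR would be rejected; an empty list means accept."""
    if not ptr:
        return ["no reverse entry"]
    name = ptr.rstrip(".").lower()
    reasons = []
    if any(form in name for form in ip_encodings(ip)):
        reasons.append("PTR embeds the IP address")
    # Compare whole alphabetic runs so "pool" matches but "carpool" does not.
    hits = sorted(set(re.findall(r"[a-z]+", name)) & CONSUMER_TOKENS)
    if hits:
        reasons.append("PTR mentions consumer technology: " + ", ".join(hits))
    return reasons

# Constructed samples (documentation address ranges and example domains).
SAMPLES = [
    ("192.0.2.10", "mail.example.org."),
    ("198.51.100.23", "198-51-100-23.dsl.isp.example.net."),
    ("198.51.100.23", "23.100.51.198.static.example.net."),
    ("203.0.113.45", "host45.dialup.isp.example."),
    ("203.0.113.7", None),
]

if __name__ == "__main__":
    for ip, ptr in SAMPLES:
        print(ip, ptr, check_ptr(ip, ptr) or "accept")
```

The check sees only the name the provider assigned, so a small-business mail server on such a line is rejected on the same grounds as any other host with that PTR.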

