Joshua Penix wrote: > On Dec 29, 2007, at 5:55 PM, James G. Sack (jim) wrote: > >> So it looks like we[you] are going through an unnecessary step just >> because RoadRunner is violating rfc2821 (if I understand jhriv's >> explanation)? >> >> Should I complain to RR? > > No. The chunk of RFC being discussed by jhriv et al is not applicable > to this situation. What the RFC says you can't do is refuse mail if the > HELO domain name doesn't *match* the one retrieved from reverse DNS. > > If I attach to your mail server from 123.223.233.234 and say "HELO > josh.domain.com", and then your mail server does a reverse DNS query for > 123.223.233.234 and gets back "mail.domain.com", you're not supposed to > drop me. That's not what's happening here... > > In our case, our mail server is attaching to RR from 63.98.246.161 and > saying "HELO sparkplug.kernel-panic.org", and RR is doing a reverse DNS > query on 63.98.246.161 and getting back NXDOMAIN (no such record). > > So the part that applies to our situation and explains RR's mail > rejection is RFC 1912 part 2.1 which says, "For every IP address, there > should be a matching PTR record in the in-addr.arpa domain."
..this is complicated :-) So (in my own words) rfc1912 says every IP should (MUST) have a rDNS (presumeably pointing to a valid domain name), and it looks like the spec also says that (PTR) record must in turn match the IP via normal DNS (A-record lookup) -- that is there must be corresponding A-PTR pairs. But, the point within rfc2821 was dealing with something different, namely that an SMTP server must not refuse to accept mail simply because the rDNS result is a different FQDN from the HELO data. It is ok (and probably best) to refuse mail from an IP that fails rDNS lookup, as RR was doing. So, RR was doing the correct thing by refusing it, it seems. =-O >.. Regards, ..jim -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-steer
