At 9:06 PM +0100 11/1/01, Fokko van Duin imposed structure on a stream of electrons, yielding: >At 11:37 -0700 01-11-2001, Warren Michelsen wrote: >>I went all through this with the dnsreports.com guy yesterday. >>Basically, his time-outs are set pretty short -- not up to RFC >>standards. He's concerned that users of the web page will grow >>impatient if they have to wait too long for the report results. As >>I told him... > >OK, thanks for the info. > >> >>So, the problem is likely not on your end. > >Still leaves the question why SIMS waits 30 sec on DNS lookup, while >"Verify Return Paths" is unchecked (or has DNS lookup nothing to do >with return paths?).
That's it. 'Verify Return Paths' checks mail return paths (the argument of the SMTP MAIL command) not introduction names. (HELO arguments) The intro check is done as an audit trail matter: if a machine claims to be 'dnsreport.com' SIMS will see if the people who run DNS for dnsreport.com agree. If they do not (as they do not in this case) then SIMS notes this in the log and constructs Received headers for the session's mail that clearly emphasizes the IP address while noting the claimed name in parentheses. If this verification is passed, SIMS constructs a Received header that notes the verification. >On the other hand doing mx lookups for dnsreports.com gives: > >dnsreport.com MX 65151 10 mail.dnsreport.com >mail.dnsreport.com A 7523 24.240.171.218 > >but: > >218.171.240.24.in-addr.arpa PTR 206 24-240-171-218.hsacorp.net > >The ptr record does not refer to mail.dnsreport.com, so SIMS can not >verify, but still waits 30 sec, why? That's not what SIMS does. Nothing can be told reliably from a PTR record, as proven by the spammers operating out of RackSpace who used to (and may still) set their PTR records to the names of innocent parties. The HELO check is a simple one which does not actually block any mail: does the hostname given in the HELO resolve to the IP address used. If the person running that SMTP client is competent, the HELO argument will have an A record. On the other hand, it might be dnsreport.com on the other end... -- Bill Cole [EMAIL PROTECTED] ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
