On Sat, Mar 19, 2005 at 12:40:58 +0100, Kurt A. Schumacher wrote:
> While not having a ptr in DNS is just a bad behavior, there is no requirement
> at all for forward and reverse lookup to be identical. You will generate a
> lot of false positives (e.g. blocked mails from the correct senders) and
> your service quality for the customers will go down.
RFC1912 - Common DNS Operational and Configuration Errors
2.1 Inconsistent, Missing, or Bad Data
Every Internet-reachable host should have a name. The consequences
of this are becoming more and more obvious. Many services available
on the Internet will not talk to you if you aren't correctly
registered in the DNS.
Make sure your PTR and A records match. For every IP address, there
should be a matching PTR record in the in-addr.arpa domain. If a
host is multi-homed, (more than one IP address) make sure that all IP
addresses have a corresponding PTR record (not just the first one).
Failure to have matching PTR and A records can cause loss of Internet
services similar to not being registered in the DNS at all. Also,
PTR records must point back to a valid A record, not a alias defined
by a CNAME. It is highly recommended that you use some software
which automates this checking, or generate your DNS data from a
database which automatically creates consistent data.
> Beyond that, there is no requirement that the originating IP address (nor the
> associated domain name) has to match with the MX address to receive mails
> for these domains. And many SOHO organizations are forced to send their SMTP
> traffic over the ISP SMTP server, highly probably not related to their small
> corporate infrastructure at all.
That's not the issue, in fact it's not an issue at all...
> Reserving a dedicated IP address for each domain handled is simply a waste of
> IP addresses for the community.
You got the meaning of reject_unknown_client slightly wrong....
> There are smarter ideas around than black and white approaches, such as SPF,
> but this is not the golden egg either.
No it's not... but it is the best approach known to "patch" smtp for the
things smtp is used for these days...
Regards
Philipp
--
_;\_ Philipp Morger / PHM2-RIPE System & Network Administrator
/_. \ Dolphins Network Systems AG Phone +41-1-847'45'45
|/ -\ .) Email: <[EMAIL PROTECTED]>
-'^`- \; Don't send mail to: [EMAIL PROTECTED]
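
The PTR/A consistency check that the RFC 1912 excerpt above recommends automating, as an added example that is not part of the original message: it verifies that each address has a PTR record, that the PTR target is not a CNAME alias, and that the target's A records include the address. All host names, addresses (documentation ranges) and zone data are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed zone data using documentation ranges (RFC 5737); not real hosts.
PTR = {
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.11": ["mail.example.org."],   # second address of a multi-homed host
    "192.0.2.20": ["www.example.org."],    # PTR target is only a CNAME alias
    "192.0.2.30": ["gw.example.org."],     # A record points somewhere else
    "192.0.2.40": ["ghost.example.org."],  # PTR target has no A record
}
A = {
    "mail.example.org.": ["192.0.2.10", "192.0.2.11"],
    "real.example.org.": ["192.0.2.20"],
    "gw.example.org.": ["198.51.100.1"],
}
CNAME = {"www.example.org.": "real.example.org."}


def check_fcrdns(ip, ptr=PTR, a=A, cname=CNAME):
    """Return ("ok", name) or the first (status, detail) problem for one address."""
    ip = str(ipaddress.ip_address(ip))  # validates and normalises the input
    names = ptr.get(ip, [])
    if not names:
        return ("no_ptr", f"{ip} has no PTR record")
    problems = []
    for name in names:
        if name in cname:
            problems.append(("ptr_to_cname", f"{name} is an alias for {cname[name]}"))
        elif name not in a:
            problems.append(("no_forward", f"{name} has no A record"))
        elif ip not in a[name]:
            problems.append(("mismatch", f"{name} resolves to {a[name]}, not {ip}"))
        else:
            return ("ok", name)  # forward lookup confirms the reverse lookup
    return problems[0]


def audit(ips, **zone):
    """Map every address that fails the check to its (status, detail)."""
    results = {ip: check_fcrdns(ip, **zone) for ip in ips}
    return {ip: r for ip, r in results.items() if r[0] != "ok"}


if __name__ == "__main__":
    for ip, (status, detail) in audit(PTR).items():
        print(f"{ip:12} {status:13} {detail}")
```

To run it against live data, replace the three dictionaries with lookups from a resolver of your choice.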