@Thomas
SA does not query the PTR at all. It relies on the info from the MTA that
logs the handover from the first untrusted remote. An MTA (at least Postfix)
does log the hostname of the remote only if the name in the PTR resolves back to
the IP. This is called Forward Confirmed rDNS. So the PTR of the IP resolves to
a name and the name must resolve back to that IP. Then it will be logged by
the MTA. So the unknown in Received does not mean no PTR but no FCrDNS.
If you want to query PTR then I recommend to have a look at the askDNS
plugin.
Cheers
Tobi
------ Original Message ------
From "Thomas Barth via users" <[email protected]>
To [email protected]
Date 08.11.2025 21:53:11
Subject Re: unknown rDNS
Sorry guys, today, your two answers were classified as Virus/Spam (unofficial)
and I had to fetch them from quarantine :)
A virus was found: SecuriteInfo.com.Spam-111760.UNOFFICIAL
Scanner detecting a virus: ClamAV-clamd
The reason was mentioning the PTR of 107.150.1.216 in the mail. This is a
well-known hosting provider whose infrastructure was frequently used to operate
spam servers.
From: Reindl Harald
because "suomenporakaivo.fi" != "107-150-1-216-host.<...>"
because "suomenporakaivo.fi" != "107.150.1.216"
In most of spam I get ehlo and rDNS are different. Absolute equality with rDNS
is not required. In SMTP (RFC 5321), the client must specify a name or IP
literal in HELO/EHLO that identifies it. rDNS itself is useful for reputation
checks, but there is no requirement that EHLO == rDNS.
From: Matus UHLAR
while the IP has PTR record, the name in PTR does not exist, so nobody will
seriously use its content.
Didn't know that it also checks the name in PTR. I put this info into my docu as
a reminder.
Best regards,
Thomas B
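
The forward-confirmed rDNS check described at the top of this thread, as an added example that is not part of the original mails and is not Postfix or SpamAssassin code. The function names are hypothetical and the PTR/address tables are constructed sample data, so the three ways a client ends up as "unknown" can be compared offline.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver; [] if there is none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_addrs(name):
    """A/AAAA addresses for name from the system resolver; [] if none."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns_name(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (name, reason). name is "unknown" unless a PTR name of ip
    resolves forward to ip again (forward-confirmed reverse DNS)."""
    client = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "unknown", "no PTR"
    reason = "PTR name does not resolve"
    for name in names:
        addrs = addr_lookup(name)
        # Compare parsed addresses so different IPv6 spellings still match.
        if any(ipaddress.ip_address(a) == client for a in addrs):
            return name, "forward-confirmed"
        if addrs:
            reason = "PTR name resolves to a different address"
    return "unknown", reason

# Constructed sample data (documentation address ranges) so this runs offline.
PTR = {"192.0.2.10": ["mail.example.org."], "192.0.2.20": ["host-20.example.net."],
       "192.0.2.30": ["spoof.example.com."]}
ADDR = {"mail.example.org": ["192.0.2.10", "2001:db8::10"],
        "spoof.example.com": ["192.0.2.99"]}

def check_sample(ip):
    """fcrdns_name() against the constructed tables instead of real DNS."""
    return fcrdns_name(ip, lambda i: PTR.get(i, []), lambda n: ADDR.get(n, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, *check_sample(ip))
```

Calling `fcrdns_name(ip)` without the lookup arguments uses the system resolver instead of the sample tables.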