On 10/30, m...@khonji.org wrote:
> I misread your email then, my bad.
>
> As far as I understand it now, is that you are getting the hostname by
> reverse DNS lookup against the connecting SMTP peer (that is sending a mail).
>
> Then you use that FQDN for a DNS A RR query. And you expect this IP
> address to match against the SMTP peer's IP. This is even worse than
> my initial understanding.

Yes, if I look up the PTR record of an IP address, and then take the host name from the result of that lookup and use it to do an A record lookup, I should then get the IP address I started with. And, again, I've blocked all email that failed that for three years. Mostly. I think there were maybe two times I briefly disabled it to talk to some broken domain.

An example from your email, delivered by IP 209.85.160.173:

$ host 209.85.160.173
173.160.85.209.in-addr.arpa domain name pointer mail-gy0-f173.google.com.
$ host mail-gy0-f173.google.com
mail-gy0-f173.google.com has address 209.85.160.173

And the IP I end up with is the IP I started with. Pass.

Please explain why you believe it is a bad idea to try creating a test for this and running it through spamassassin's ruleqa to see if it's useful. Instead of just telling me you think it's a horrible idea.

A more thorough explanation of the concept is here:
http://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS

That is precisely what I'm talking about creating a test for.

> Why would you want a DNS A RR to match an IP that is often found as MX RR.

That sentence doesn't make sense. I want a PTR record that matches an A record in reverse. That's all. As it should be. Nothing to do with MX records.

> Are you assuming A RR == MX RR? They won't match in many cases.

No, of course not. OHH. You... think... I mean the A record for just the domain? No. That would be ridiculous. I said the A record for the full host name returned by the PTR query.

> If you query for an MX DNS RR instead of A RR, it would be less stupid (but
> is still stupid). Paul Vixie's proposal was similar.

What? Yeah, that must be what you mean. You think I mean:

192.168.1.1 -> mail.domain.com

And then look up the A record for domain.com? No. The A record for the full host name. The A record for mail.domain.com. Which should be 192.168.1.1.

> Final answer is your practical results. How many FP and TP are you getting? I
> would get crazy high FP in my case.

You've wasted my time by assuming I was clueless and failing at reading comprehension.

-- 
"A ship in a port is safe, but that's not what ships are built for."
-Grace Murray Hopper
http://www.ChaosReigns.com
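
The forward-confirmed reverse DNS check discussed in this message, as an added Python example (not part of the original email and not SpamAssassin code). The lookup functions are injectable so it runs offline; the 192.0.2.x addresses and example.* names are constructed sample data, and all function names are assumptions of this example.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (needs network)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_addrs(host):
    """A/AAAA addresses for host from the system resolver."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(host, None)]
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (passed, host): pass if a PTR name's own address lookup yields ip."""
    want = ipaddress.ip_address(ip)
    for name in ptr_lookup(ip):
        host = name.rstrip(".").lower()   # PTR data ends with the root dot
        for addr in addr_lookup(host):    # full host name, never the bare domain
            try:
                if ipaddress.ip_address(addr) == want:
                    return True, host
            except ValueError:            # ignore unparsable resolver output
                continue
    return False, None

PTR = {  # constructed sample data; only the google.com pair is from the message
    "209.85.160.173": ["mail-gy0-f173.google.com."],
    "192.0.2.10": ["mail.example.net."],                      # forward-confirmed
    "192.0.2.20": ["host.example.org."],                      # A points elsewhere
    "192.0.2.40": ["bogus.example.com.", "mx.example.com."],  # 2nd PTR confirms
}   # 192.0.2.30 has no PTR record at all
A = {
    "mail-gy0-f173.google.com": ["209.85.160.173"],
    "mail.example.net": ["192.0.2.10"],
    "example.net": ["192.0.2.99"],    # bare domain differs and is never queried
    "host.example.org": ["192.0.2.21"],
    "mx.example.com": ["192.0.2.40"],
}

def sample_ptr(ip):
    return PTR.get(ip, [])
def sample_addrs(host):
    return A.get(host, [])
```

Calling `fcrdns(ip)` with no lookup arguments uses the system resolver instead of the sample tables.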