Intentional. Most web virtual hosting uses HTTP1.1 headers rather than multi-homed IPs to the same server. And most of us can't get hold of enough IP addresses for each domain.
What the enforcement of reverse lookup really does is eliminate anonymizers that would allow you to maye your politically sensitive email truly anonymous. I view at as anti-free speech, similar to US Gov't restrictions on encryption. We still have freedom to think, but be careful expressing your opinions. Thomas Paine's "Common Sense" was originally signed "An Englishman." If he had signed his name, he probably would have been quickly hanged (or put in a brig on a ship in the harbor without access to counsel) and the U.S. might still be a crown colony. >Your example uses same IP (123.456.789.123) for both domains. >Was this intentional or just quick typing ;-) > >Each domain of mine is running on its own External IP Address > >I see your point though. > >The main plus, I see with the PTR check is that it forces all mail to be >sent through domains that are registered and have taken the 2-3 days to >get the domain propagated down the DNS chain. This stops someone from >quickly setting up a system and sending a million emails before they can >be stopped. > >Yes, this will not stop spam completely, but it will give a mechanism >for the registration processes to flag spammers by comparison of >previous incidences. > >Now if we could just get those open-relays shut down :-P > >Ben Johansen - http://www.pcforge.com >Authorized Witango Reseller http://www.pcforge.com/WitangoGoodies.htm >Authorized MDaemon Mail Server Reseller >http://www.pcforge.com/AltN.htm > > >-----Original Message----- >From: Bill Conlon [mailto:[EMAIL PROTECTED] >Sent: Thursday, June 19, 2003 3:25 PM >To: [EMAIL PROTECTED] >Subject: Re: Witango-Talk: including snippets of code [OT] Mail > >Ok, here's a typical setup (ignoring NS records) that people use for >hosting domains > >Your main zone is > >mydomain.com A 123.456.789.123 >www.mydomain.com CNAME mydomain.com >mydomain.com MX 10 mydomain.com > >Lets assume you have a full Class C, since it's simpler than classless >delegation (when you have 8/16/32/64/128 IP addresses) > >Then your reverse zone includes: > >123.789.456.123.in-addr.arpa PTR mydomain.com > >So you're typically sending mail with your address ([EMAIL PROTECTED]) via > >your SMTP server at mydomain.com which passes the reverse lookup test. > >Your client at herdomain.com is using virtual hosts on yours server and >is set up as: > >herdomain.com A 123.456.789.123 >www.herdomain.com CNAME herdomain.com >herdomain.com MX 10 herdomain.com > >There can't be a single pointer to two A records, so when >[EMAIL PROTECTED] sends mail, the reverse lookup points to >mydomain.com! This causes the mail to bounce if the reverse lookup test > >is used. > > > >>Very Interesting! I have multiple domains and a single mail server. >>The mail server has its own domain (smtpmirage.net). >>All the hosted domains A records point directly to the IP address. The >MX >>record points to mail@<domain>.com (and mail@<domain>.com is an A >record >>that points to the IP address). >>Seems to work OK...... >> >>Mark Bushaw >> >>----- Original Message ----- >>From: "Ben Johansen" <[EMAIL PROTECTED]> >>To: <[EMAIL PROTECTED]> >>Sent: Thursday, June 19, 2003 2:36 PM >>Subject: RE: Witango-Talk: including snippets of code [OT] >> >> >>> Interesting >>> >>> Didn't realize that because I have multiple domains on mine. >>> >>> >Anyway, it's just a rant. I had a server crash on me earlier this >year >>> >>> >when it got hijaced by a spammer, and I've spent a lot of hours this >>> year >>> >fighting off spam. But I still think it's better to allow mail from >>> >senders that don't pass the reverse lookup, and instead rely on >black >>> >hole lists at the server, and some simple filters on the mail >readers. >>> >>> >Because I don't want to have to tell my clients that we can't >receive >>> >mail from them. >>> >>> Considering turning it off. >>> >>> Ben Johansen - http://www.pcforge.com >>> Authorized Witango Reseller http://www.pcforge.com/WitangoGoodies.htm >>> Authorized MDaemon Mail Server Reseller >>> http://www.pcforge.com/AltN.htm >>> >>> >>> -----Original Message----- >>> From: Bill Conlon [mailto:[EMAIL PROTECTED] >>> Sent: Thursday, June 19, 2003 2:11 PM >>> To: [EMAIL PROTECTED] >>> Subject: RE: Witango-Talk: including snippets of code [OT] >>> >>> Off-topic: >>> >>> I would send this directly, but it might bounce. >>> >>> One problem w/ PTR records is they map one-to-one to A records. But >>> many >>> names (both A and CNAME records) map to one PTR. Hence if you >support >>> many domains with a single mail server, you can't satisfy the reverse >>> lookup condition. >>> >>> Also, you can't always keep PTRs up to date unless you run the >reverse >>> zone for your subnet. Some ISPs will NOT provide classless >delegation, >>> so you have to depend on the ISP to maintain your PTRs, leaving you >at >>> their mercy -- not a good thing in my opinion. >>> >>> For most of our clients for whom we provide mail, I ask them to use >our >>> server for POP, but continue to use their ISP for SMTP. Some though >>> prefer to use our server for both, and the consequence is that AOL >just >>> doesn't get messages from them. >>> >>> Of course AOL's hypocracy is the big story, since they and hotmail >have >>> been big spam sources. And much spam now flows through open relays, >>> which may still have PTR records that match the A record, so what >does >>> that do? >>> >>> Anyway, it's just a rant. I had a server crash on me earlier this >year >>> when it got hijaced by a spammer, and I've spent a lot of hours this >>> year >>> fighting off spam. But I still think it's better to allow mail from >>> senders that don't pass the reverse lookup, and instead rely on black >>> hole lists at the server, and some simple filters on the mail >readers. >>> >>> Because I don't want to have to tell my clients that we can't receive >>> mail from them. >>> >>> >Hi, >>> > >>> >Sorry you couldn't connect. >>> > >>> >I went to dnsreport.com and your mail server doesn't reverse DNS >>> >(checkout fail in MX section) >>> > >>> >>http://www.dnsreport.com/tools/dnsreport.ch?domain=internetcommercesolu >>> t >>> >ions.net >>> > >>> >In order to curb spam there is a shift in this, AOL has shifted to >this >>> >and those who have mail servers that don't have PTR (reverse DNS) >>> cannot >>> >post to AOL. There are a bunch of companies that are following suit >>> > >>> > >>> >Ben Johansen - http://www.pcforge.com >>> >Authorized Witango Reseller >http://www.pcforge.com/WitangoGoodies.htm >>> >Authorized MDaemon Mail Server Reseller >>> >http://www.pcforge.com/AltN.htm >>> > >>> > >>> >-----Original Message----- >>> >From: Fogelson, Steve [mailto:[EMAIL PROTECTED] >>> >Sent: Thursday, June 19, 2003 1:26 PM >>> >To: '[EMAIL PROTECTED]' >>> >Subject: RE: Witango-Talk: including snippets of code >>> > >>> >Ben, >>> > >>> >I have had that trouble in the past as well. You might want to check >it >>> >out. >>> >I was going to buy a Witango update from you on the day before the >>> price >>> >increases, but couldn't get through you email server. >>> > >>> >Have made the update since. >>> > >>> >Steve Fogelson >>> > >>> >-----Original Message----- >>> >From: John McGowan [mailto:[EMAIL PROTECTED] >>> >Sent: Thursday, June 19, 2003 3:13 PM >>> >To: [EMAIL PROTECTED] >>> >Subject: Re: Witango-Talk: including snippets of code >>> > >>> > >>> >Ben, >>> > >>> >I tried to send this post to you off the list, but your mail server >>> >doesn't seem to be accepting any thing from my mail server. >>> > >>> >Anyway, see my comments below about nested @includes. >>> > >>> > >>> >Ben Johansen wrote: >>> > >>> >>Off List, >>> >> >>> >>Now, I remember (coffee finally kicked in) >>> >> >>> >>The reason your sub-include of the TML works is because TML is one >of >>> >>the extensions setup in the web server to tell the web server that >>> >>Witango is responsible to process this file. >>> >> >>> >> >>> > >>> >No, the @include tag doesn't interact at all with the web server. >It >>> >also doesn't care about file extensions. When the app server comes >>> >across an @include, it doesn't care what file extension it is... it >>> >simply includes the file and evaluates any meta code it comes >across. >>> > >>> >>In the case where an included HTML file calling a SUB-HTML file >this >>> is >>> >>not the case. The SUB would not have its metatags processed >>> >> >>> >> >>> >Yes they are... See the enclosed example... I just tested this out. >>> > >>> >test.taf does an @include of test1.html >>> > >>> >test1.html does an @include of test2.html >>> >test2.html does an @include of test3.html >>> >test3.html executes @currentdate. >>> > >>> > >>> >/John >>> > >>> >>_______________________________________________________________________ >>> _ >>> >TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf >>> >>_______________________________________________________________________ >>> _ >>> >TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf >>> > >>> >>_______________________________________________________________________ >>> _ >>> >TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf >>> > >>> >>> >>> Bill Conlon >>> >>> To the Point >>> 345 California Avenue Suite 2 >>> Palo Alto, CA 94306 >>> >>> office: 650.327.2175 >>> fax: 650.329.8335 >>> mobile: 650.906.9929 >>> e-mail: mailto:[EMAIL PROTECTED] >>> web: http://www.tothept.com >>> >>> >>> >________________________________________________________________________ >>> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf >>> >>> >________________________________________________________________________ >>> TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf >> >>_______________________________________________________________________ >_ >>TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf >> > > >Bill Conlon > >To the Point >345 California Avenue Suite 2 >Palo Alto, CA 94306 > >office: 650.327.2175 >fax: 650.329.8335 >mobile: 650.906.9929 >e-mail: mailto:[EMAIL PROTECTED] >web: http://www.tothept.com > > >________________________________________________________________________ >TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf > >________________________________________________________________________ >TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf > Bill Conlon To the Point 345 California Avenue Suite 2 Palo Alto, CA 94306 office: 650.327.2175 fax: 650.329.8335 mobile: 650.906.9929 e-mail: mailto:[EMAIL PROTECTED] web: http://www.tothept.com ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
