At 23:24 1/12/2004, Jeffrey Laramie wrote: >Does your SMTP server identify itself as mail.vbot.org, >mail.aristiasoft.com, or karen.aristiasoft.com? Does it change depending >on who sends the mail? I'm pretty sure the server only identifies itself >by one name and that should be karen.aristiasoft.com which should pass >the RDNS check. If for some reason it doesn't, I believe you can set the >HeloDomain variable to ensure the RDNS check works properly, correct? My server identifies itself as "arisiasoft.com". You would see a connecting IP address of 66.219.172.36, a HELO/EHLO name of arisiasoft.com, and a MAIL FROM: of either <something>@arisiasoft.com or <[EMAIL PROTECTED] and RDNS of the connecting IP would show karen.arisiasoft.com. An MX lookup on arisiasoft.com (either from the HELO/EHLO or the MAIL FROM) would show:
arisiasoft.com. 432000 IN MX 10 mail.arisiasoft.com. And an A lookup of mail.arisiasoft.com would show: mail.arisiasoft.com. 432000 IN A 66.219.172.36 > >I think if you followed through on that, you would end up rejecting a lot > >of mail from a lot of places... > >I may be misunderstanding how the mail server uses DNS, but I thought >that a SMTP server should always identify itself by it's host name as >listed by the PTR record and not by the virtual domains it handles. When >a mail server uses SMTP-RDNS to verify the identity of the sending host >doesn't it check the IP of the sending host against the IP returned by >RDNS to determine if the host is indeed who it says it is? I've used >SMTP-RDNS since I started using XMail and I've never noticed any valid >mail getting rejected (although, getting back to my original point, if a >system is mis-configured it could happen). If I'm off track here maybe >you could clarify this for me ;-) Every ISP handles their checks differently, but as I read the RFC it appears that: 1) The connecting IP *MAY* have RDNS 2) The HELO/EHLO name *SHOULD* resolve via DNS 3) The MAIL FROM domain *SHOULD* have an MX record "MAY" means it is not required, "SHOULD" means that it is not required but is strongly recommended. My own mail server makes much more restrictive tests than the RFC states, but mail from one domain being delivered by a mail server with a different domain name would still get through (assuming that the rest of my tests are passed). - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
