Tracy wrote: >At 23:24 1/12/2004, Jeffrey Laramie wrote: > > >>Does your SMTP server identify itself as mail.vbot.org, >>mail.aristiasoft.com, or karen.aristiasoft.com? Does it change depending >>on who sends the mail? I'm pretty sure the server only identifies itself >>by one name and that should be karen.aristiasoft.com which should pass >>the RDNS check. If for some reason it doesn't, I believe you can set the >>HeloDomain variable to ensure the RDNS check works properly, correct? >> >> >My server identifies itself as "arisiasoft.com". You would see a connecting >IP address of 66.219.172.36, a HELO/EHLO name of arisiasoft.com, and a MAIL >FROM: of either <something>@arisiasoft.com or <[EMAIL PROTECTED] and RDNS >of the connecting IP would show karen.arisiasoft.com. An MX lookup on >arisiasoft.com (either from the HELO/EHLO or the MAIL FROM) would show: > >arisiasoft.com. 432000 IN MX 10 mail.arisiasoft.com. > >And an A lookup of mail.arisiasoft.com would show: > >mail.arisiasoft.com. 432000 IN A 66.219.172.36 > > > >
That's kinda interesting. You have multiple A records pointing to 66.219.172.36. We're getting a little OT here but why do you use A records instead of CNAMEs? I know there was some debate about this years ago and at that time the conventional wisdom was that CNAMEs were better. I don't know what the 'preferred ' configuration is these days. >>>I think if you followed through on that, you would end up rejecting a lot >>>of mail from a lot of places... >>> >>> >>I may be misunderstanding how the mail server uses DNS, but I thought >>that a SMTP server should always identify itself by it's host name as >>listed by the PTR record and not by the virtual domains it handles. When >>a mail server uses SMTP-RDNS to verify the identity of the sending host >>doesn't it check the IP of the sending host against the IP returned by >>RDNS to determine if the host is indeed who it says it is? I've used >>SMTP-RDNS since I started using XMail and I've never noticed any valid >>mail getting rejected (although, getting back to my original point, if a >>system is mis-configured it could happen). If I'm off track here maybe >>you could clarify this for me ;-) >> >> > >Every ISP handles their checks differently, but as I read the RFC it >appears that: > >1) The connecting IP *MAY* have RDNS >2) The HELO/EHLO name *SHOULD* resolve via DNS >3) The MAIL FROM domain *SHOULD* have an MX record > >"MAY" means it is not required, "SHOULD" means that it is not required but >is strongly recommended. > > Right, but getting back to Dale's original concern, his virtual domains won't fail the remote server's RDNS check if the DNS for his SMTP server is configured correctly. And he shouldn't be afraid to use RDNS to check the validity of a remote server. Even a couple of years ago spoofing was relatively rare and a mail server that failed RDNS was not a big deal. Today about half of the spam I see is rejected by RDNS before my users see it. IMHO any SMTP server that fails RDNS is broken and should be fixed. >My own mail server makes much more restrictive tests than the RFC states, >but mail from one domain being delivered by a mail server with a different >domain name would still get through (assuming that the rest of my tests are >passed). > > > > As it should ;-) Jeff - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
