OT: Seeking opinion about reverse-DNS lookups on SMTP HELO
Paul Howarth
paul at city-fan.org
Tue Dec 14 12:27:03 UTC 2004
HaJo Schatz wrote:
> To combat spam I have enabled reverse-DNS lookups of incoming SMTP
> connections. If the FQDN does not match the HELO-Identity, I reject the
> connection with a 550 Error.
I think this is asking for trouble and is arguably in violation of RFC 1123:

    The HELO receiver MAY verify that the HELO parameter really
    corresponds to the IP address of the sender. However, the
    receiver MUST NOT refuse to accept a message, even if the
    sender's HELO command fails verification.

> I have now found that this breaks communication even with reputable
> (well, an international bank that is) peers. Dunno how much more mail I
> may have lost through this... How are you out there handling that, are
> you doing reverse-lookups?
I do reverse DNS lookups for information only.
AOL are only accepting mail from sites that *have* reverse DNS, but it doesn't
matter much what the reverse DNS points to - see
http://postmaster.aol.com/info/rdns.html
Paul.
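
Added example, not part of the original message and not code from either poster: a Python sketch comparing the three policies mentioned in this thread (reject on HELO/rDNS mismatch, look up for information only, require only that some rDNS exists). The function name, the policy names and the sample PTR table are assumptions made up for illustration; the lookup is injected so the check runs offline.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample PTR data (documentation address space); a real MTA
# would query DNS here instead of reading a table.
SAMPLE_PTR: Dict[str, List[str]] = {
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.20": ["outbound-7.mx.example.net."],  # PTR exists, HELO differs
    # 192.0.2.30 deliberately has no PTR record
}


def sample_ptr_lookup(ip: str) -> List[str]:
    return SAMPLE_PTR.get(ip, [])


@dataclass
class HeloVerdict:
    smtp_code: int  # 250 = carry on with the session, 550 = reject
    status: str     # "match", "mismatch" or "no-rdns"
    note: str       # text for the log or a trace header


def _norm(name: str) -> str:
    # DNS names are case-insensitive and may carry a trailing dot.
    return name.strip().rstrip(".").lower()


def check_helo(client_ip: str, helo_name: str, policy: str = "info-only",
               ptr_lookup: Callable[[str], List[str]] = sample_ptr_lookup) -> HeloVerdict:
    """policy is one of: "info-only", "require-rdns", "strict-match"."""
    if policy not in ("info-only", "require-rdns", "strict-match"):
        raise ValueError(f"unknown policy: {policy}")
    ptr_names = [_norm(n) for n in ptr_lookup(client_ip)]
    if not ptr_names:
        status = "no-rdns"
    elif _norm(helo_name) in ptr_names:
        status = "match"
    else:
        status = "mismatch"
    # Only "strict-match" lets a HELO/PTR disagreement refuse mail.
    reject = (status == "no-rdns" and policy != "info-only") or (
        status == "mismatch" and policy == "strict-match")
    note = f"helo={_norm(helo_name)} ip={client_ip} rdns={','.join(ptr_names) or 'none'} ({status})"
    return HeloVerdict(550 if reject else 250, status, note)


if __name__ == "__main__":
    for policy in ("strict-match", "info-only", "require-rdns"):
        print(policy, check_helo("192.0.2.20", "smtp.bank.example", policy))
```

The constructed sender at 192.0.2.20 has working reverse DNS but announces a different HELO name, so it is refused only under "strict-match"; the other two policies accept it and keep the mismatch in the note.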