firewall IP as Originating IP for emails
Ed Greshko
Ed.Greshko at greshko.com
Thu Sep 9 13:18:38 UTC 2004
On Thu, 2004-09-09 at 21:09, Steve Buehler wrote:
> At 07:26 AM 9/9/2004, you wrote:
>
> >On Thu, Sep 09, 2004 at 04:50:18PM +0630, Mrs. Geeta Thanu wrote:
> > > 554 5.7.1 The server sending your mail[210.212.212.2] does not have a
> > > reverse DNS entry.connection rejected.Please conatct your network ISP
> > > provider.Default reject!
> >
> >This used to be a common rejection, when each site was assigned its
> >own IP address(es). It then became less common, as assignment of IP
> >addresses from ISPs became the norm. Now, it appears that some sites,
> >in a probably misguided attempt to reject spammers, have returned to
> >trying to validate IP addresses. I say misguided since (a) most spam
> >is from owned machines, so it won't help, and (b) most admins won't have
> >arranged with their ISPs--and many ISPs aren't willing to--provide PTR
> >records that reflect the originating domain.
>
> Unless this has changed in the last day or so, since I haven't heard any
> complaints or noticed any rejected mail, the reverse DNS does not have to
> say the domain name that is on that IP. We have 2 class C's and the
> reverse DNS's all say client.ibapp.com. I also have a couple of servers at
> my house with just 5 IP's total and I don't have to have SWBell (my DSL
> ISP) setup a reverse DNS that matches the domain names of my machines since
> they already have "adsl-xx-xx-xxx-xxx.dsl.kscymo.swbell.net" (real IP x'd
> out) as the reverse DNS entry and I do not get blocked by anybody. We
> started this when AOHell started rejecting email because of reverse DNS not
> being setup for the domains on our servers and have not had any problems
> since. So basically, you just have to have a reverse DNS, it doesn't have
> to be correct for your mail to stop getting rejected. I know that it
> should be setup correctly with the domain name that is actually doing it,
> but sometimes, for some people, that might not be feasible.
It may....or it may not....
Some SW does go so far as to do a double-reverse DNS lookup as well as
compare what it gets in the helo/ehlo with what the incoming IP resolves
to.
Yes, "misguided" is probably a good description for this behavior..but I
could think of others. :-)
Ed
--
"I think the problem, to be quite honest with you, is that you've never
actually known what the question is."
--The computer "Deep Thought" in "Hitchhiker's Guide to The Galaxy"
More information about the redhat-list
mailing list