Re: How to setup dual reverse/ptr records.




Joe SoandSo wrote:
Well,
Are you saying that the HELO is the same no matter what domain you send from? We had some emails bounce when the HELO didn't match the email address domain. The problem, after some research, could be solved by matching the HELO domain... this I found in an MS KB article. Apparently there is a setting in Exchange to refuse mail if they don't match up.

But that really isn't my concern. I have seen where the PTR must match the sending email address domain or the messages bounce. I recently corrected the above problem, and now am concerned about this problem. Is this an issue? Or do servers that check PTR records against sender domain carefully check ALL resulting DNS lookups? I know that AOL does check all results as per this link: http://postmaster.aol.com/tools/rdns.html
I just don't know about everyone else. Looking at the headers of emails sent from our domains, it looks like sometimes the PTR record resolves to the correct domain and sometimes it resolves to the other domain. About a 50/50 chance of being correct.

I don't want to just try the settings as is to see if I get a problem. I want to set it up correctly from the start. Otherwise it may come back to bite us.


While the RFC for PTR records allows for multiple records for an IP address, it is not clear how much DNS query software implements this correctly, or at all, as you rightly wonder.

OK, you're sending to pickier servers than I am, or than my server is. Have you considered SPF records? This ought to have a higher priority than what I would consider the rather pointless match checking of HELO or PTR strings. I don't bother doing that, and I feel my mail server is quite aggressive about spam. But I don't like false positives, and I can't see any point in trying to make other people jump through arbitrary artificial hoops.

Requiring a complementary PTR-A pair that is not 'generic' (a disguised IP address) is quite sufficient to block mail sent directly from home computers, which at the moment constitutes nearly all of the spam. The two or three spams a day which make it as far as my email client all come from businesses with their own SMTP servers, and making them comply with stupid matching rules apparently doesn't make them immune to virus infection.

It is completely trivial for a spammer's SMTP engine to offer any desired HELO string. You can do it from a keyboard like this: http://support.microsoft.com/kb/153119 and this method is a quick way of finding out if this is a problem with a specific server, and what it will accept.

As for the PTR, an ISP's smarthost may send email on behalf of an arbitrarily large number of domains, and is presumably trusted to do so. I can't imagine a very large number of PTRs for one IP address (especially a randomly chosen one from a small group) being practical, so I would assume this works by the use of SPF records.

--
Joe
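
Added example, not part of the original post: a sketch of the "complementary PTR-A pair that is not generic" check discussed above, applied to every PTR answer for an address rather than only the first one returned. The zone data, host names and the `looks_generic` heuristic are constructed assumptions; the DNS lookups are passed in as functions so the check runs offline.

```python
import re

def looks_generic(name, ip):
    """Heuristic (assumption): the PTR name embeds the IP's octets, in
    forward or reverse order, separated by dashes or dots."""
    octets = ip.split(".")
    for order in (octets, octets[::-1]):
        pattern = r"(?<!\d)" + "[-.]".join(order) + r"(?!\d)"
        if re.search(pattern, name):
            return True
    return False

def fcrdns(ip, ptr_lookup, a_lookup):
    """Return every PTR name for ip that resolves back to ip via an A
    record and is not a generic, IP-derived name."""
    confirmed = []
    for name in ptr_lookup(ip):            # walk ALL PTR answers
        name = name.rstrip(".").lower()
        try:
            addrs = a_lookup(name)
        except LookupError:                # no A record for this name
            continue
        if ip in addrs and not looks_generic(name, ip):
            confirmed.append(name)
    return confirmed

# Constructed sample data (documentation address ranges and example domains).
PTR = {
    "192.0.2.25": ["mail.example.com.", "mail.example.org."],  # dual PTR
    "192.0.2.77": ["host-192-0-2-77.dsl.example.net."],        # generic name
    "192.0.2.90": ["mail.example.net."],                       # A points elsewhere
}
A = {
    "mail.example.com": ["192.0.2.25"],
    "mail.example.org": ["192.0.2.25"],
    "host-192-0-2-77.dsl.example.net": ["192.0.2.77"],
    "mail.example.net": ["198.51.100.5"],
}

def ptr_lookup(ip):
    return PTR.get(ip, [])

def a_lookup(name):
    return A[name]                         # KeyError is a LookupError

if __name__ == "__main__":
    for ip in PTR:
        names = fcrdns(ip, ptr_lookup, a_lookup)
        print(ip, "accept" if names else "reject", names)
```

With two PTR records on one address, both names pass as long as each has an A record pointing back to that address; the check never looks at the HELO string or the sender domain.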