Re: [exim] RDNS lookup failures...

Author: Marco Wessel
To: exim-users
Subject: Re: [exim] RDNS lookup failures...

On Mar 9, 2007, at 2:16 AM, James Price wrote:

> I want to confirm what I need to deny email if there is no PTR
> record on a
> connecting IP. I do NOT want to lookup the reverse (PTR) and then
> look at
> the A record also and then fail.


I'm not sure why you'd want that, as it is a relatively bad idea: it
would allow me to fake my origin very easily. If I'm delegated the
reverse for 1.2.3.0/24, I can just set 1.2.3.4's PTR record to be
'smtp.paypal.com' without paypal having anything to do with it. Doing
the forward lookup allows verification: 'smtp.paypal.com' is not
going to resolve back to my IP address, therefore it is invalid and
should be disregarded.

>
> exim_mainlog:2007-03-05 13:10:28 H=(MHRMAIL.MILL-USA.COM) [4.71.42.67]
> F=<scrotty@???> rejected RCPT <rick@???>:
> host lookup
> failed (4.71.42.67 does not match any IP address for mhrmail.mill-
> usa.com)
>
> When I do a lookup manually:
> border1# host 4.71.42.67
> 67.42.71.4.in-addr.arpa domain name pointer MHRMAIL.MILL-USA.COM.
>
> Granted it's in CAPS, but there is a PTR record.


Yes, and it's wrong:

[marco@tstsrv01 etc]$ host MHRMAIL.MILL-USA.COM
MHRMAIL.MILL-USA.COM    A       4.71.42.69


> Now in another instance:
> exim_mainlog:2007-03-07 14:58:10 H=(DC07CLFPN2.CITYOFCHICAGO.ORG)
> [216.125.147.3] F=<mberkshire@???> rejected RCPT
> <monica@???>: host lookup failed (216.125.147.3 does
> not match
> any IP address for 216.125.147.3.cityofchicago.org)
>
> Manual lookup:
> border1# host 216.125.147.3
> 3.147.125.216.in-addr.arpa domain name pointer
> 216.125.147.3.cityofchicago.org.
>
> It resolves just fine.
>


And again, it's invalid:

[marco@tstsrv01 marco]$ host 216.125.147.3.cityofchicago.org
216.125.147.3.cityofchicago.org does not exist, try again


This is bad. Much worse than not having reverse DNS at all.

I suppose you want to do these verifications as an anti-spam
measure? That's not very effective: most spam originates from hosts
that do have reverse DNS, because they're simply consumer DSL and
cable connections and such, with the odd open relay thrown in. There
aren't many ISPs out there these days that don't set up reverse DNS
for those, except perhaps in China and such. And those are all
blockable with RBLs.
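As an added illustration (not code from this thread or from Exim), here is the forward-confirmed reverse DNS check Marco describes, run against a constructed resolver table that reproduces the two quoted failures plus one consistent host; the zone data, the example.net host and the function names are assumptions, and a real deployment would replace the dictionaries with actual DNS queries.

```python
import ipaddress

# Constructed zone data standing in for the DNS (not real lookups). It mirrors
# the thread: 4.71.42.67 -> MHRMAIL.MILL-USA.COM, whose A record is 4.71.42.69;
# 216.125.147.3 -> a PTR name that has no A record at all; and one hypothetical
# host (mx.example.net) whose PTR and A records agree. 203.0.113.20 has no PTR.
PTR = {
    "67.42.71.4.in-addr.arpa": ["MHRMAIL.MILL-USA.COM"],
    "3.147.125.216.in-addr.arpa": ["216.125.147.3.cityofchicago.org"],
    "10.113.0.203.in-addr.arpa": ["mx.example.net"],
}
A = {
    "mhrmail.mill-usa.com": ["4.71.42.69"],
    "mx.example.net": ["203.0.113.10", "203.0.113.11"],
}


def reverse_name(ip):
    """Build the in-addr.arpa (or ip6.arpa) name queried for the PTR record."""
    return ipaddress.ip_address(ip).reverse_pointer


def fcrdns(ip, ptr=PTR, a=A):
    """Forward-confirmed reverse DNS.

    Returns (status, detail):
      'ok'       some PTR name resolves back to ip (confirmed)
      'no_ptr'   the address has no PTR record at all
      'mismatch' a PTR exists but no name resolves to ip, i.e. the
                 "does not match any IP address for ..." case in the log
    Name comparison is case-insensitive, so an upper-case PTR such as
    MHRMAIL.MILL-USA.COM is not itself a problem; the missing or wrong
    forward record is.
    """
    names = ptr.get(reverse_name(ip), [])
    if not names:
        return "no_ptr", "no PTR record for %s" % ip
    for name in names:
        key = name.rstrip(".").lower()
        if ip in a.get(key, []):
            return "ok", key
    return "mismatch", "%s does not match any IP address for %s" % (
        ip, names[0].rstrip(".").lower())
```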