On 19.06.17 01:05, Reindl Harald wrote:
it's nearly always misleading and results in randomness on the
receiving server which name gets logged and if A/PTR matches
normally you should always have:
* IP with *one* PTR
* the A-Record for the PTR matches
these two are correct.
* smtp_helo_name of your MTA matches the same name
this one is incorrect and my next comment applies only to this one:
Am 19.06.2017 um 08:49 schrieb Matus UHLAR - fantomas:
Even this is not required. In fact, requiring this breaks SMTP RFC.
The only requirement on the HELO name is that the host must exist and be canonical,
which means it has to point to an A or AAAA record
there's no requirement that the HELO string matches the same name as PTR
and A/AAAA
IP -> PTR -> A/AAAA must match
HELO does NOT have to match IP -> PTR record. It only has to be resolvable
to A/AAAA.
On 19.06.17 11:25, Reindl Harald wrote:
should != required
it's best practice
anyways, with 2 PTR records for the same IP on servers with
http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname
you play lottery because one time it's logged as unknown and the
other time as matching, the unknown cases would trigger
reject_unknown_client_hostname
Actually, this would only happen when one of the A/AAAA records didn't exist.
Having two PTR records with valid A/AAAA would only confuse people because
they could see different one each time client connects, but doesn't break
anything (only DNS-based ACLs)
On 19.06.17 12:39, John Levine wrote:
Regardless of what the RFC says, if an IP doesn't have matching
forward/backward DNS that is an extremely strong indication that it's
a random computer in a botnet and few people will accept mail from it.
As others have noted, it doesn't matter what the forward/backward name
is so long as at least one pair of A and PTR match. You do want the
HELO name to resolve correctly, again, a non-resolving HELO is a
very strong indication of a bot.
which is the same I wrote above :)
Yes, we know the SMTP specs say otherwise but they haven't been
updated since bot spam became such a problem.
RFCs weren't updated in the last case above.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Linux - It's now safe to turn on your computer.
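The checks discussed in this thread (IP -> PTR -> A/AAAA must match; HELO only has to resolve), as an added example that is not part of the original message. The zone data, names and addresses are constructed, the function names are hypothetical, and the receiver that evaluates only one PTR answer per connection is an assumption used to model the "lottery" case.

```python
import ipaddress

# Constructed sample zone (documentation address ranges, example names).
PTR = {
    "192.0.2.10": ["mail.example.org"],                      # one PTR, A matches
    "192.0.2.20": ["mx.example.net", "legacy.example.net"],  # two PTRs, one has no A
    "192.0.2.30": ["a.example.com", "b.example.com"],        # two PTRs, both valid
}
ADDR = {  # A/AAAA records
    "mail.example.org": ["192.0.2.10"],
    "mx.example.net": ["192.0.2.20"],
    "a.example.com": ["192.0.2.30"],
    "b.example.com": ["192.0.2.30"],
    "helo.example.org": ["198.51.100.5"],  # resolves, but is not the client IP
}


def confirms(name, ip):
    """True if `name` has an A/AAAA record equal to `ip` (forward confirmation)."""
    want = ipaddress.ip_address(ip)
    records = ADDR.get(name.rstrip(".").lower(), [])
    return any(ipaddress.ip_address(a) == want for a in records)


def fcrdns_any(ip):
    """PTR names that round-trip back to `ip`; at least one pair is enough."""
    return [n for n in PTR.get(ip, []) if confirms(n, ip)]


def fcrdns_picked(ip, index):
    """Assumed receiver model: only one PTR answer is seen per connection,
    and `index` stands for whichever one the resolver returned first."""
    names = PTR.get(ip, [])
    return bool(names) and confirms(names[index % len(names)], ip)


def helo_resolves(helo):
    """HELO check from the thread: the name must resolve to A/AAAA;
    it does not have to equal the PTR name of the client IP."""
    return bool(ADDR.get(helo.rstrip(".").lower()))


if __name__ == "__main__":
    for ip in PTR:
        picks = [fcrdns_picked(ip, i) for i in range(len(PTR[ip]))]
        print(ip, "confirmed names:", fcrdns_any(ip), "per-PTR result:", picks)
```

For 192.0.2.20 the per-PTR result differs between connections, while 192.0.2.30 passes whichever PTR is returned.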