On 19.06.2017 at 15:00, Matus UHLAR - fantomas wrote:
On 19.06.17 01:05, Reindl Harald wrote:
it's nearly always misleading and results in randomness on the
receiving server which name gets logged and if A/PTR matches
normally you should always have:
* IP with *one* PTR
* the A-Record for the PTR matches
these two are correct.
* smtp_helo_name of your MTA matches the same name
this one is incorrect and my next comment applies only to this one:
does it harm? NO
is it easy to achieve? YES
can it be used for scoring on a spamfilter? YES
anyways, with 2 PTR records for the same IP on servers with
http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname
you play lottery because one time it's logged as unknown and the other
time as matching, the unknown cases would trigger
reject_unknown_client_hostname
Actually, this would only happen when one of the A/AAAA records didn't
exist.
Having two PTR records with valid A/AAAA would only confuse people because
they could see different one each time client connects, but doesn't break
anything (only dns-based acl's)
this is NOT true for all cases
FRANKLY i have seen enough *real world* postfix rejects caused by
"check_reverse_client_hostname_access" because the idiot on the other
side had "mail.example.com" AND the old
"my-provider-xx.xx.xx.xx-dyn.crap" PTR where one time
"check_reverse_client_hostname_access" was fine because it dealt with
the "mail.example.com" and the next mail was rejected by match
"my-provider-xx.xx.xx.xx-dyn.crap"
in all of these cases just removing the old useless generic PTR would have
solved the problem from the start
so please inform yourself and do tests.....
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
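
The two positions in this thread can be compared with a small offline audit. This is an added example, not part of any poster's message. The address, the host names and the `GENERIC` pattern are constructed, and it assumes the receiving MTA acts on one PTR name per connection.

```python
import re

# Constructed sample data (documentation address and names), not real DNS.
PTR = {"192.0.2.25": ["mail.example.com", "host-192-0-2-25-dyn.provider.example"]}
A = {
    "mail.example.com": ["192.0.2.25"],
    "host-192-0-2-25-dyn.provider.example": ["192.0.2.25"],
}
# Hypothetical receiver-side pattern for generic/dynamic reverse names,
# standing in for a check_reverse_client_hostname_access table entry.
GENERIC = re.compile(r"(\d{1,3}[-.]){3}\d{1,3}.*(dyn|dsl|pool|dhcp)", re.I)


def evaluate(ip, ptr=PTR, a=A):
    """Return {ptr_name: verdict} for every PTR name the receiver might see."""
    names = ptr.get(ip, [])
    if not names:
        return {None: "unknown: no PTR"}
    verdicts = {}
    for name in names:
        if ip not in a.get(name, []):
            # Forward lookup does not confirm the PTR: client is "unknown".
            verdicts[name] = "unknown: A/AAAA missing or not matching"
        elif GENERIC.search(name):
            # Forward-confirmed, but the name itself matches a reject pattern.
            verdicts[name] = "reject: generic reverse name"
        else:
            verdicts[name] = "ok"
    return verdicts


def audit(ip, ptr=PTR, a=A):
    """Return a list of findings; an empty list means one clean, confirmed PTR."""
    verdicts = evaluate(ip, ptr, a)
    findings = []
    if len(verdicts) > 1:
        findings.append(f"{len(verdicts)} PTR records; receiver may log any of them")
    if len(set(verdicts.values())) > 1:
        findings.append("outcome depends on which PTR the receiver uses")
    findings += [f"{n}: {v}" for n, v in verdicts.items() if v != "ok"]
    return findings


if __name__ == "__main__":
    for line in audit("192.0.2.25"):
        print(line)
```

With both A records present, neither name is "unknown", yet the pattern check still gives a different result per PTR; removing the generic PTR from the sample data leaves no findings.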