Dennis Peterson wrote:

[EMAIL PROTECTED] said:


On Tue, 17 May 2005, Dennis Peterson wrote:


I guess I'm saying that if I telnet to fw.domain.name on 25, I should see something like

 220 fw.domain.name ESMTP mail relay.

If it doesn't say that, then it is lying to anyone who connects to it.
Forward and back dns should resolve to the name spit out by the smtp 220 string. This should be verifiable.


If I have a server with 500 virt hosts you could get a helo from any one
of them. If you telnet back to it on port 25 what do you think you might
see? One of about 499 "liars", maybe?


Well I am assuming that you would be doing a forward-reverse-forward to
and comparing it to there. If a forward of mail.someclient.com is 1.2.3.4
and a reverse of 1.2.3.4 is fw.domain.name and a forward of fw.domain.name
is 1.2.3.4 then it's not lying. In fact, that is quite common. I'm
saying there should be a consistent forward-reverse mapping for the actual
mail server and that that mapping should match the 220 string. If
someclient.com has more than one priority MX server to handle mail then
whatever server is handling it (fw2.domain.name?) should have proper
forward-and-back mappings.



I give up. I was really thinking the light was about to go on, too.


Actually, I think you're agreeing and don't realize it. If I read the point properly, he is not suggesting that the name returned in PTR necessarily match that of the 220 reply... but he is suggesting that the forward lookup against the 220 reply result in an IP consistent with what you looked up in PTR originally. And, yes, this is pretty typical of hosted setups. If my IP results in domain.com but my mail server 220 says domain.org, that's OK... because both of them forward lookup to the same IP.


Or did I misunderstand the posting?

Bill
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
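
The two readings discussed in this thread, as an added example that is not part of the original messages: the strict check (the 220 name equals a forward-confirmed PTR name) beside the relaxed one (the 220 name merely forward-resolves to the same IP). The DNS tables are constructed sample data and the function names are hypothetical; a real check would query a resolver instead.

```python
import re

# Constructed DNS data for illustration only (not real records).
A_RECORDS = {
    "mail.someclient.com": {"1.2.3.4"},
    "fw.domain.name": {"1.2.3.4"},
    "domain.org": {"1.2.3.4"},
    "liar.example": {"5.6.7.8"},
}
PTR_RECORDS = {"1.2.3.4": {"fw.domain.name"}}


def banner_host(banner):
    """Return the hostname from an SMTP greeting ('220 host ...' or '220-host ...')."""
    m = re.match(r"220[ -]([A-Za-z0-9.-]+)", banner)
    return m.group(1).rstrip(".").lower() if m else None


def confirmed_ptr_names(ip, ptr=PTR_RECORDS, a=A_RECORDS):
    """Forward-confirmed reverse DNS: PTR names of ip whose A records include ip."""
    return {name for name in ptr.get(ip, ()) if ip in a.get(name, ())}


def check_greeting(ip, banner, ptr=PTR_RECORDS, a=A_RECORDS):
    """Compare the peer IP, its PTR mapping and the name in the 220 greeting."""
    host = banner_host(banner)
    confirmed = confirmed_ptr_names(ip, ptr, a)
    return {
        "banner_host": host,
        # The IP has a consistent forward-and-back mapping at all.
        "fcrdns_ok": bool(confirmed),
        # Relaxed reading: the 220 name forward-resolves to the peer IP.
        "banner_resolves_to_ip": host is not None and ip in a.get(host, ()),
        # Strict reading: the 220 name is itself a confirmed PTR name.
        "banner_equals_ptr": host in confirmed,
    }


if __name__ == "__main__":
    for greeting in ("220 fw.domain.name ESMTP mail relay.",
                     "220 domain.org ESMTP",
                     "220 liar.example ESMTP"):
        print(greeting, "->", check_greeting("1.2.3.4", greeting))
```
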
