RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-31 Thread Wil Hatfield - HVHM Customer Care
Matt,

I don't know a lot about the syntax used in tcp.smtp. I am a copy/paste kinda
guy. So do I just drop this in as is? What is confusing me is line 3 below
looks like a comment but maybe it is supposed to. Also is line 3 supposed to
have a closing quotation mark?

{The obvious localhost, etc.}
=:allow
:allow,RBLSMTPD="Blocked - Reverse DNS queries for your IP fail. You cannot send me mail."
#:allow,RBLSMTPD="-Blocked - Reverse DNS queries for your IP fail. You cannot send me mail.

I noticed your comment on "If you want to be a little more aggressive" in
your docs. Yes, I want to be very aggressive. I want it to drop the attempt
to connect on the floor with a permanent error.  Would the above do this?

Thanks for all your help,

Wil Hatfield



> -Original Message-
> From: Matt Simerson [mailto:[EMAIL PROTECTED]
> Sent: Saturday, March 29, 2003 7:13 PM
> To: Wil Hatfield - HVHM Customer Care
> Cc: [EMAIL PROTECTED]
> Subject: Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!
>
>
> See the brand new FAQ entry. :)
>
> http://matt.simerson.net/computing/mail/toaster/faq.shtml
>
> Matt
>
> On Saturday, March 29, 2003, at 06:18  PM, Wil Hatfield - HVHM Customer
> Care wrote:
>
> > Can we get some instructions for how to lock out the servers that
> > don't have
> > a reverse name lookup. About 60% of our spam coming in meets this
> > criteria
> > and it sure would be nice to get rid of it.
> >
> > Wil Hatfield
>
>
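
Added example (not part of the original messages and not code from ucspi-tcp): a small Python model of the documented tcprules lookup order and of how rblsmtpd reads $RBLSMTPD, run on constructed rules modelled on the ones quoted above. It handles plain IPv4 rules only (no address ranges); the function names, the 127. rule and the sample addresses are assumptions made for illustration.

```python
"""Model of tcpserver's tcp.smtp rule lookup and rblsmtpd's use of $RBLSMTPD."""

MESSAGE = "Blocked - Reverse DNS queries for your IP fail. You cannot send me mail."


def sample_rules(default_message):
    # Constructed sample modelled on the rules quoted in the message above.
    return "\n".join([
        '127.:allow,RELAYCLIENT="",RBLSMTPD=""',   # assumed "localhost" rule
        "=:allow",                                  # any client that has a PTR name
        f':allow,RBLSMTPD="{default_message}"',     # default: everyone else
    ])


def parse_rules(text):
    """Parse rule lines into {address: (action, env)}; '#' lines are comments."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, sep, instr = line.partition(":")
        if not sep:
            raise ValueError(f"no ':' in rule: {line!r}")
        for action in ("allow", "deny"):
            if instr.startswith(action):
                rest = instr[len(action):]
                break
        else:
            raise ValueError(f"rule must start with allow or deny: {line!r}")
        env = {}
        while rest:                      # zero or more ,VAR="value" settings
            name, eq, tail = rest[1:].partition("=")
            if rest[0] != "," or not eq or not tail:
                raise ValueError(f"bad variable setting in rule: {line!r}")
            quote = tail[0]              # the value is closed by the same character
            end = tail.find(quote, 1)
            if end < 0:
                raise ValueError(f"missing closing {quote} in rule: {line!r}")
            env[name] = tail[1:end]
            rest = tail[end + 1:]
        rules[address] = (action, env)
    return rules


def candidate_keys(ip, host=None):
    """Addresses tried in order (the $TCPREMOTEINFO forms are left out)."""
    keys = [ip]
    if host:
        keys.append("=" + host)
    octets = ip.split(".")
    keys += [".".join(octets[:n]) + "." for n in (3, 2, 1)]
    if host:
        labels = host.split(".")
        keys += ["=." + ".".join(labels[n:]) for n in range(1, len(labels))]
        keys.append("=")                 # matches only when a host name is known
    keys.append("")                      # the default rule
    return keys


def rblsmtpd_verdict(env):
    """What rblsmtpd does with the environment the matching rule set."""
    message = env.get("RBLSMTPD")
    if message is None:
        return "rbl-lookup", None        # unset: go on to the -r list lookups
    if message == "":
        return "accept", None            # set but empty: never block
    if message.startswith("-"):
        return "553", message[1:]        # leading hyphen: permanent error
    return "451", message                # otherwise: temporary error


def evaluate(rules_text, ip, host=None):
    """Return (matched address, verdict, error text) for one connection."""
    rules = parse_rules(rules_text)
    for key in candidate_keys(ip, host):
        if key in rules:
            action, env = rules[key]
            if action == "deny":
                return key, "deny", None
            return (key,) + rblsmtpd_verdict(env)
    return None, "rbl-lookup", None      # no rule at all: allowed, env unchanged


if __name__ == "__main__":
    for label, text in (("no hyphen", MESSAGE), ("hyphen", "-" + MESSAGE)):
        for host in (None, "mail.example.org"):
            print(label, host, evaluate(sample_rules(text), "192.0.2.10", host))
```

With the message as written on the uncommented default rule, a client without a host name gets the temporary 451; only the hyphen-prefixed form yields the permanent 553, and that form needs its closing quotation mark to parse.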




Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-28 Thread Matt Simerson
On Thursday, March 27, 2003, at 06:28  PM, Raboo wrote:

> lol ya all :-)
>
> btw matt simerson, if you code hacks to make your smtpd do more logging
> like you said before that you have made it do logging of what kinds of
> blocks it does, please feel free to publish them if you like, if not
> already,

There's no code hacks involved to get more logging. You simply 
configure your smtp invocation to log the denied connections. For 
example, my smtp invocation looks like this:

exec softlimit -m 800 tcpserver -S -R -c20 \
  -x /usr/local/vpopmail/etc/tcp.smtp.cdb -u 89 -g 89 0 smtp \
  rblsmtpd -r sbl.spamhaus.org -r rbl-plus.mail-abuse.org \
  -r list.dsbl.org -r bl.spamcop.net -r relays.ordb.org \
  qmail-smtpd mail.cadillac.net \
  /usr/local/vpopmail/bin/vchkpw /usr/bin/true 2>&1

If you read the rblsmtpd man page,  you'll learn that it writes its 
output to file descriptor 2. In order for that to get logged, we have 
to put the little redirect (2>&1) in there at the end of the 
invocation. Now we actually get a little output from our smtp daemon.  
I wrote a little script that gets run as a multilog processor and it 
gets triggered every 5 minutes to roll the log and parse out the counts. 
Those get collected via SNMP and stuffed into a database which another 
script reads to create the graph you'll see here:  
http://matt.simerson.net/cgi-bin/rrdutil.pl

Eventually I'll hack up SpamAssassin some more and get it to log all 
the delivered messages, and their spam scores and I'll graph that too. 
That should prove interesting. :)

> Greetings /Raboo
> P.S. this is probably one of the top ten biggest posts in the vchkpw
> mailinglist

Religion zealots are everywhere. Who'd have thought I could make such a 
fuss simply by doing DNS checks on my very own personal mail server?

Matt




Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-28 Thread Justin Heesemann
On Saturday 29 March 2003 14:25, dWi saSonO b wrote:
> On Fri, 28 Mar 2003 09:53:47 +0100
>
> Lucas Valdeón <[EMAIL PROTECTED]> wrote:
> >  Hi,
> >
> >  Talking about reverse dns I have a little problem.
> > In the same machine there are several ips. In the first ip .71 there is
> > no service.
> > In the second one .72 mail is running ( pop3, smtp ).
> > .71 has reverse dns ( ssh.x.com )
> > .72 has reverse dns ( mail.x.com )
> > Qmail send mail from default route .71, so it has reverse dns, but it is
> > not mail.landm.net.
> > So I supposed I have to patch qmail to send from a different ip, or move
> > mail service to another one.
> > Is it correct to send mail from a reverse dns in the same domain, but
> > different hostname than the MX entry?
> >
> > Thank you in advance,
> >
> > Lucas
>
> errr correct me if i'm wrong.
> reverse dns needed with smtp to validate IP and nameserver ?
> some of smtp server around the world need reverse dns to validate your smtp
> server some time if your smtp server can't be validate .. there's
> possibility your email message denied.
>
> ps.
> i don't know if this in RFC though

exactly. and as some people in this list already pointed out: it is not.
i don't like people to enforce their "strict" policies on me, unless these 
strict policies are legal. what's next? everybody needs to run an ident 
daemon on his mail server ?

if you want to help your customers getting rid of their spam, why not force 
them to use a spam filter? oh, i forgot.. they pay you and we don't.
it's pretty obvious, that as long as the reverse dns isn't in RFC, chances are 
that the good guys send mail from servers without reverse dns. => if you 
don't accept mail from them, your customers will lose "ham" mail.


-- 
Mit internetten Grüßen / Best Regards
---
Justin Heesemann        ionium Technologies
[EMAIL PROTECTED]        www.ionium.org




Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-28 Thread dWi saSonO b
On Fri, 28 Mar 2003 09:53:47 +0100
Lucas Valdeón <[EMAIL PROTECTED]> wrote:

> 
>  Hi,
> 
>  Talking about reverse dns I have a little problem.
> In the same machine there are several ips. In the first ip .71 there is no
> service.
> In the second one .72 mail is running ( pop3, smtp ).
> .71 has reverse dns ( ssh.x.com )
> .72 has reverse dns ( mail.x.com )
> Qmail send mail from default route .71, so it has reverse dns, but it is not
> mail.landm.net.
> So I supposed I have to patch qmail to send from a different ip, or move
> mail service to another one.
> Is it correct to send mail from a reverse dns in the same domain, but different
> hostname than the MX entry?
> 
>   Thank you in advance,
> 
>   Lucas
> 
> 

errr correct me if i'm wrong.
reverse dns needed with smtp to validate IP and nameserver ?
some of smtp server around the world need reverse dns to validate your smtp server
some time if your smtp server can't be validate .. there's possibility your email 
message denied.

ps.
i don't know if this in RFC though


-- 
thx
onOs
UPPTI - Universitas Brawijaya



Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-28 Thread Tom Collins
On Friday, March 28, 2003, at 01:53  AM, Lucas Valdeón wrote:
> Is it correct to send mail from a reverse dns in the same domain, but
> different hostname than the MX entry?

Yes, that would be fine.  Mail doesn't have to come from servers that 
accept messages.

--
Tom Collins
[EMAIL PROTECTED]



RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-28 Thread Lucas Valdeón

 Hi,

 Talking about reverse dns I have a little problem.
In the same machine there are several ips. In the first ip .71 there is no
service.
In the second one .72 mail is running ( pop3, smtp ).
.71 has reverse dns ( ssh.x.com )
.72 has reverse dns ( mail.x.com )
Qmail send mail from default route .71, so it has reverse dns, but it is not
mail.landm.net.
So I supposed I have to patch qmail to send from a different ip, or move
mail service to another one.
Is it correct to send mail from a reverse dns in the same domain, but different
hostname than the MX entry?

Thank you in advance,

Lucas








Re[2]: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread made
Hi guys..
Would you please stop this 'holy war'?
It's wasting my bandwidth.

thanks..
-- 
best regards
made <[EMAIL PROTECTED]>






Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Raboo
lol ya all :-)


btw matt simerson, if you code hacks to make your smtpd do more logging like
you said before that you have made it do logging of what kinds of blocks it
does, please feel free to publish them if you like, if not already,

Greetings /Raboo
P.S. this is probably one of the top ten biggest posts in the vchkpw
mailinglist





RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Nick Harring





As the only other person on this apparently doing this, I thought I'd just weigh in briefly (again) with regards to why we do it. For those folks who're worried about the sanctity of my users' email, don't be. My users understand what is occurring, and have requested, over and over, stricter spam filtering.

I would heavily disagree that my servers are "broken", and I would also say I'm not extending any RFC. I don't claim that what I'm doing is RFC mandated, or even supported by one. Honestly, if the RFC doesn't speak one way or the other, it's fair game. That's the way quite a few things on the Internet have worked in the past, continue to work now, and most likely will in the future. Honestly, quite a few qmail admins are bending RFCs if they run qmtp daemons and "embed" the information to indicate this in the numeric values of their MX records. There is no RFC on this, no other mail client, to my knowledge, knows about it, etc.

I, quite obviously, side with all the people who say it may or may not be a good idea, but it certainly isn't broken. Spam is a huge problem for my users, for a number of reasons, and this was the next best step my predecessor and myself could find. It seems to have cut down the volume of spam, though I don't really maintain much tracking data on it. So far I've had good luck in my interactions with administrators of other mail systems, however I certainly wouldn't consider it their duty to advertise a non-required piece of information in their dns.

Nicholas Harring
System Administrator
Webley Systems, Inc
877-609-4795



-Original Message-
From: Andrew Kohlsmith [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 27, 2003 1:03 PM
To: [EMAIL PROTECTED]
Subject: Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!



> those are all true. the term in contention is "broken".  obviously, if a
> mailserver is refusing messages from sites with "even IP addresses"
> (whatever those are, how is an IP address even or odd?) *and the reason for
> that refusal is not known*, then it's broken. If it's been purposely
> configured that way, it's not broken, regardless of how bizarre it may
> seem.


Agreed.  Totally agreed.


> don't confuse me with the person who configured his mailserver that way.
> None of my mailservers - across three ISP currently - block mail based on
> lack of in-addr.arpa. I'm merely defending the choice of someone to do so,
> and pointing out that making that choice does not inherently make the
> mailserver "broken".


Noted, and I apologize.  I think that we're actually arguing the same point.


> actually, the fault becomes excruciatingly fuzzy at that point. does an
> administrator have a right to run his mailserver in a way that protects it
> from large amounts of spam? for that matter, what about spam filtering not


I have not seen any proof that spammers tend to spam from addresses which 
don't resolve.  I mean the ISP I run has a reverse address for every IP in 
our IP ranges -- in theory anyone spamming from us would get through the 
filter, at least until we ToS'd them.


For me, rejecting email before the data is accepted by my mail server is a 
holy grail.  However I content-filter so I can't reject the mail based on 
content until I actually see the content.  And with my servers, I deliver 
mail deemed spam into a 'spam' IMAP folder and the user is free to view it or 
ignore it at their discretion.  All that the OP is doing is moving that up a 
level and actually telling the other server that a) it's not accepted and b) 
saving himself the bandwidth.  Both, in my opinion, are noble causes.


However, I also believe that if you are not adhering to RFCs for inter-server 
communication that you are not being a good 'net citizen.  My users don't get 
their spam, but I'm also following the RFC (much closer) to the letter than 
the OP, who rejects email if the server does not have a reverse IP mapping.


Where is the line?  That is a very good question.  I agree that it's your 
server and you really can run it any way you please, but if you're going 
above and beyond the requirements of an RFC, you're no longer following that 
RFC and is (in my mind) the internet equivalent to driving in a residential 
area with a failed muffler or a stereo cranked to the max.  You can _do_ it, 
but it's not _nice_.  


As the OP stated, it's for his personal mail server.  He has no customers.  I 
would not be able to get away with it with my ISP.  If I _could_ get away 
with it, would I?  I don't think so, as per the previous paragraph.


> based upon in-addr.arpa lookup that blocks messages inadvertently? no spam
> filter is 

Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Andrew Kohlsmith
> others think about blocking based on DNS. I haven't done it in quite a
> few years.

Haven't done what, started a flamewar?  :-)

(honestly, that is meant to be funny, not an attack)

Regards,
Andrew



Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Andrew Kohlsmith
> those are all true. the term in contention is "broken".  obviously, if a
> mailserver is refusing messages from sites with "even IP addresses"
> (whatever those are, how is an IP address even or odd?) *and the reason for
> that refusal is not known*, then it's broken. If it's been purposely
> configured that way, it's not broken, regardless of how bizarre it may
> seem.

Agreed.  Totally agreed.

> don't confuse me with the person who configured his mailserver that way.
> None of my mailservers - across three ISP currently - block mail based on
> lack of in-addr.arpa. I'm merely defending the choice of someone to do so,
> and pointing out that making that choice does not inherently make the
> mailserver "broken".

Noted, and I apologize.  I think that we're actually arguing the same point.

> actually, the fault becomes excruciatingly fuzzy at that point. does an
> administrator have a right to run his mailserver in a way that protects it
> from large amounts of spam? for that matter, what about spam filtering not

I have not seen any proof that spammers tend to spam from addresses which 
don't resolve.  I mean the ISP I run has a reverse address for every IP in 
our IP ranges -- in theory anyone spamming from us would get through the 
filter, at least until we ToS'd them.

For me, rejecting email before the data is accepted by my mail server is a 
holy grail.  However I content-filter so I can't reject the mail based on 
content until I actually see the content.  And with my servers, I deliver 
mail deemed spam into a 'spam' IMAP folder and the user is free to view it or 
ignore it at their discretion.  All that the OP is doing is moving that up a 
level and actually telling the other server that a) it's not accepted and b) 
saving himself the bandwidth.  Both, in my opinion, are noble causes.

However, I also believe that if you are not adhering to RFCs for inter-server 
communication that you are not being a good 'net citizen.  My users don't get 
their spam, but I'm also following the RFC (much closer) to the letter than 
the OP, who rejects email if the server does not have a reverse IP mapping.

Where is the line?  That is a very good question.  I agree that it's your 
server and you really can run it any way you please, but if you're going 
above and beyond the requirements of an RFC, you're no longer following that 
RFC and is (in my mind) the internet equivalent to driving in a residential 
area with a failed muffler or a stereo cranked to the max.  You can _do_ it, 
but it's not _nice_.  

As the OP stated, it's for his personal mail server.  He has no customers.  I 
would not be able to get away with it with my ISP.  If I _could_ get away 
with it, would I?  I don't think so, as per the previous paragraph.

> based upon in-addr.arpa lookup that blocks messages inadvertently? no spam
> filter is 100% perfect, though some bayesian filters appear to be
> approaching that. what do you do when a customer runs a mailing list where
> they share with friends particularly funny examples of spam? the messages
> contain spam, but aren't spam themselves - yet virtually every spam filter
> out there would block them.

Agreed, although that is what whitelists and learning filters are all about.  
Offhand, I would love to see a learning filter which filtered "funny" spam 
from not funny spam.  :-)

> >   Whether that is acceptable to you or not is your (and your
> >customer's) worry, not mine.  I am under no obligation to correct my
> >"mistake" simply because you don't like it and have configured your
> > servers not to like it.
>
> and likewise, i hope you realize.

Agreed.  As I said earlier, it's your (as in the owner's) box, they can do 
with it as they please.  But if he were to come to me and say "YOUR DNS is 
broken, fix it!" I would not be so kind, as he's brought it upon himself to 
extend the SMTP RFCs and for (in my experience) limited utility.

Regards,
Andrew

... trying to get back on topic...  So...  how's them vpopmails coming along?  
:-)



Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Matt Simerson
On Thursday, March 27, 2003, at 01:35  PM, Tom Collins wrote:

> On Thursday, March 27, 2003, at 10:22  AM, Paul Theodoropoulos wrote:
> > rather than trumping up your argument with etiquette fascism, how 
> > about pointing out a relevant RFC that backs up your [baseless] 
> > opinion that a mailserver must accept messages from a site without 
> > reverse DNS?
> >
> > ever heard of RFC 2505? apparently not.
>
> I hadn't read RFC2505 until now, but I took the time to do so.
>
> It has some good advice, but I didn't see any mention of refusing mail 
> from hosts without reverse DNS.  It does talk about refusing mail 
> based on the FQDN that reverse DNS resolves to (section 2.5), but I 
> think it's a stretch to extend that to IP addresses that don't have 
> reverse DNS.

I don't think that's stretching at all. Having an IP not resolve at all 
*is* a form of resolution. It resolves to an empty value.

If you look at how I'm doing the block, I am doing almost exactly what 
the RFC describes and refusing based on the FQDN of the mail server. If 
the FQDN is empty, I refuse the connection.

> I agree with others that the first post should have gone to Inter7 
> (perhaps [EMAIL PROTECTED]) and not this list.

I made the original post, and I agree, partially. If my intent was 
solely to get Inter7 to "fix" the reverse DNS, then I would agree 
completely. I've already "fixed" the problem on my end by adding a 
special rule for their mail server's IP. However, I also wanted to hear 
what a few other postmasters had to say about it. Posting privately 
would not have afforded that luxury. I have enjoyed hearing what a few 
others think about blocking based on DNS. I haven't done it in quite a 
few years.

> If someone wants to add spam filters to their personal mail server 
> that deny mail from hosts without reverse DNS, that's fine with me.  
> If they think it's a good idea and tell others about it, I think it's 
> a good idea for others to provide constructive feedback on why they 
> disagree.

I couldn't agree more. However, calling a mail server "broken" because 
it's not set up the way you'd prefer isn't constructive. :)

> If it's true that spammers don't have reverse DNS on their IP 
> addresses, I wouldn't mind seeing the MTA adding a header like 
> "X-Possible-Spam: Host 209.218.8.2 does not have reverse DNS." and 
> even "X-Possible-Spam: Host 209.218.8.2 resolves to spam.com which 
> does not resolve to 209.218.8.2".  Then an email client could filter 
> on that header or SpamAssassin could add a few points to the message's 
> spam score.

That's easy enough to do in qmail-scanner, and on my "production" 
servers, that's just another check in SpamAssassin to determine a 
message's spam score. What I'm attempting to do is block the spam 
*before* it has to be processed by the more "heavy weight" utilities 
like AV and SA.

Matt




Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Andrew Kohlsmith
> Would 208.32.76.233 pass the test?

> It has a reverse ptr, but some mail servers block it claiming it does not
> have one.

I dunno, I don't block mail from servers with no reverse DNS, or whose reverse 
DNS does not map to the same name as its forward DNS.  :-)

Regards,
Andrew



Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Paul Theodoropoulos
At 10:04 AM 03-27-2003, you wrote:
> > diversion. in short: the original claim was baseless. No mailserver is
> > broken for refusing messages from sites that have no in-addr.arpa in place.
>
> Please.
>
> "No mailserver is broken for refusing messages from sites run by [ethnic
> group]."
> "No mailserver is broken for refusing messages from sites with an even IP
> address."
> "No mailserver is broken for refusing messages delivered by air-mail."

those are all true. the term in contention is "broken".  obviously, if a 
mailserver is refusing messages from sites with "even IP addresses" 
(whatever those are, how is an IP address even or odd?) *and the reason for 
that refusal is not known*, then it's broken. If it's been purposely 
configured that way, it's not broken, regardless of how bizarre it may seem.

> There is no guideline saying that servers MUST refuse mail from sites with no
> in-addr.arpa.  Therefore your stance is on shaky ground -- you are going
> above and beyond the relevant RFCs that the protocol relies on to achieve a
> goal.  "Embrace and extend," anyone?
>
> You don't mind rejecting mail based on lack of in-addr.arpa.  I do.

don't confuse me with the person who configured his mailserver that way. 
None of my mailservers - across three ISP currently - block mail based on 
lack of in-addr.arpa. I'm merely defending the choice of someone to do so, 
and pointing out that making that choice does not inherently make the 
mailserver "broken".

> Who cares?  When your customers come to you and say that they aren't
> getting mail and you ask the other ISP to fix their problem and they
> won't, who's at fault?  You are in this case, because you are going above
> and beyond what the RFC dictates as minimum requirements.

actually, the fault becomes excruciatingly fuzzy at that point. does an 
administrator have a right to run his mailserver in a way that protects it 
from large amounts of spam? for that matter, what about spam filtering not 
based upon in-addr.arpa lookup that blocks messages inadvertently? no spam 
filter is 100% perfect, though some bayesian filters appear to be 
approaching that. what do you do when a customer runs a mailing list where 
they share with friends particularly funny examples of spam? the messages 
contain spam, but aren't spam themselves - yet virtually every spam filter 
out there would block them.

there are no black & white answers in this area.

> There is nothing stating you can't have a nameserver without a valid reverse
> lookup, and if you are expecting the world to follow you, you have delusions
> of grandeur.

who's talking about in-addr.arpa for nameservers?

> Whether that is acceptable to you or not is your (and your
> customer's) worry, not mine.  I am under no obligation to correct my
> "mistake" simply because you don't like it and have configured your servers
> not to like it.

and likewise, i hope you realize.

> Regards,
> Andrew

Paul Theodoropoulos
http://www.anastrophe.com
http://folding.stanford.edu
The Nicest Misanthrope on the Net 





Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Matt Simerson
On Thursday, March 27, 2003, at 01:18  PM, Rick Updegrove wrote:

> - Original Message -
> From: "Matt Simerson" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, March 27, 2003 7:21 AM
> Subject: [vchkpw] Inter7 mail server doesn't have reverse DNS!
>
> > I started blocking connections to my mail server from servers who don't
> > have DNS and my vpopmail and qmailadmin list traffic stopped.
>
> Matt,
>
> How much actual SPAM did your "now-misconfigured mailserver" actually block
> with this tactic during that time?  Before anyone flames me, consider that
> this is a serious question and I am very interested in the answer.
>
> Thanks.
> Rick Up


Todays Total Blocks: 875

spamhaus=637
spamcop = 127
reverse = 66
dsbl = 44
ordb = 1
Due to reverse DNS failure: 66
Unique mail server IP block: 23
Matt




Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread JB
Question...

Would 208.32.76.233 pass the test?

It has a reverse ptr, but some mail servers block it claiming it does not 
have one.

~jb

 





Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Tom Collins
On Thursday, March 27, 2003, at 10:22  AM, Paul Theodoropoulos wrote:
> rather than trumping up your argument with etiquette fascism, how 
> about pointing out a relevant RFC that backs up your [baseless] 
> opinion that a mailserver must accept messages from a site without 
> reverse DNS?
>
> ever heard of RFC 2505? apparently not.

I hadn't read RFC2505 until now, but I took the time to do so.

It has some good advice, but I didn't see any mention of refusing mail 
from hosts without reverse DNS.  It does talk about refusing mail based 
on the FQDN that reverse DNS resolves to (section 2.5), but I think 
it's a stretch to extend that to IP addresses that don't have reverse 
DNS.

I agree with others that the first post should have gone to Inter7 
(perhaps [EMAIL PROTECTED]) and not this list.

If someone wants to add spam filters to their personal mail server that 
deny mail from hosts without reverse DNS, that's fine with me.  If they 
think it's a good idea and tell others about it, I think it's a good 
idea for others to provide constructive feedback on why they disagree.

If it's true that spammers don't have reverse DNS on their IP 
addresses, I wouldn't mind seeing the MTA adding a header like 
"X-Possible-Spam: Host 209.218.8.2 does not have reverse DNS." and even 
"X-Possible-Spam: Host 209.218.8.2 resolves to spam.com which does not 
resolve to 209.218.8.2".  Then an email client could filter on that 
header or SpamAssassin could add a few points to the message's spam 
score.

--
Tom Collins
[EMAIL PROTECTED]
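
Added example (not part of the original message and not code from qmail, qmail-scanner or SpamAssassin): one way to build the two X-Possible-Spam headers proposed above from a reverse lookup followed by a forward confirmation. The header wording for the two cases comes from the message; the function names, the "malformed" header and the sample DNS data (documentation addresses) are assumptions.

```python
import re
import socket

# A PTR answer is chosen by whoever runs the reverse zone for the client's
# address, so it is untrusted input and is validated before it goes in a header.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*")


def system_ptr(ip):
    """Reverse lookup through the system resolver; None when there is no name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_a(name):
    """Forward lookup through the system resolver; empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()


def check_reverse_dns(ip, ptr_lookup=system_ptr, a_lookup=system_a):
    """Return (status, name) with status 'no-ptr', 'bad-ptr', 'mismatch' or 'ok'."""
    name = ptr_lookup(ip)
    if not name:
        return "no-ptr", None
    name = name.rstrip(".").lower()
    if len(name) > 253 or not SAFE_NAME.fullmatch(name):
        return "bad-ptr", None           # e.g. CR/LF smuggled into the PTR data
    if ip not in a_lookup(name):
        return "mismatch", name          # name exists but does not point back
    return "ok", name


def possible_spam_header(ip, **lookups):
    """Header line to add for this client, or None when nothing is suspicious."""
    status, name = check_reverse_dns(ip, **lookups)
    if status == "no-ptr":
        return f"X-Possible-Spam: Host {ip} does not have reverse DNS."
    if status == "bad-ptr":
        return f"X-Possible-Spam: Host {ip} has a malformed reverse DNS name."
    if status == "mismatch":
        return (f"X-Possible-Spam: Host {ip} resolves to {name} "
                f"which does not resolve to {ip}")
    return None


def tag_message(raw_message, ip, **lookups):
    """Prepend the header to a raw message so later filters can score on it."""
    header = possible_spam_header(ip, **lookups)
    return raw_message if header is None else header + "\r\n" + raw_message


# Constructed DNS data so the example runs offline.
FAKE_PTR = {
    "192.0.2.10": "mail.example.org.",
    "192.0.2.20": "spoof.example.net",
    "192.0.2.30": "x.example\r\nX-Injected: 1",
}
FAKE_A = {
    "mail.example.org": {"192.0.2.10"},
    "spoof.example.net": {"198.51.100.7"},
}
FAKE = {"ptr_lookup": FAKE_PTR.get, "a_lookup": lambda n: FAKE_A.get(n, set())}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.99"):
        print(ip, "->", possible_spam_header(ip, **FAKE))
```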



RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Charles Sprickman
On Thu, 27 Mar 2003, Nick Harring wrote:

> Rather than questioning why we would refuse to accept from non-reversible
> hosts, why don't we ask why anyone would set a host up without reverse DNS?

Because they're not running DJBDNS. :)



C

> Nicholas Harring
> System Administrator
> Webley Systems, Inc
> 877-609-4795
>
>
> -Original Message-
> From: Ron Guerin [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 27, 2003 10:02 AM
> To: vpopmail
> Subject: RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!
>
>
> On Thu, 2003-03-27 at 10:55, Nick Harring wrote:
> > We currently run our hosted systems requiring reverse DNS and haven't
> > really had any complaints about mail not being received. While there's
> > no rule requiring reverse DNS, systems without it are much more likely
> > to be spam originators in my experience with our system. The few
> > systems I've come across that legitimately send mail but had broken
> > reverse DNS were more than happy, and able, to fix it quickly and
> > understood immediately the point of rejecting connections on such a
> > condition.
>
> If you've chosen to deliberately break your mail server like this, that
> is of course your choice to make.  I just hope you've informed your
> customers.
>
> - Ron
>
>
>



Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Rick Macdougall
Hi,

I know on my mail server that approx 32% of the spam that I personally
receive have no reverse DNS entries.  I just checked on the last 200 of them
and that's where the 32% comes from. Oh, let me qualify that statement by
saying that I don't list ISP mail servers or what appear to be real ISP mail
servers.  So that 32% might drop down to around 10 or 20% if I added those
IP's back into the list.

I have no idea what percentage of valid email doesn't have a reverse DNS
entry since I don't add non-spam to my rbl list.

Regards,

Rick

- Original Message -
From: "Rick Updegrove" <[EMAIL PROTECTED]>
To: "Matt Simerson" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, March 27, 2003 1:18 PM
Subject: Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!


- Original Message -
From: "Matt Simerson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 27, 2003 7:21 AM
Subject: [vchkpw] Inter7 mail server doesn't have reverse DNS!

> I started blocking connections to my mail server from servers who don't
> have DNS and my vpopmail and qmailadmin list traffic stopped.

Matt,

How much actual SPAM did your "now-misconfigured mailserver" actually block
with this tactic during that time?  Before anyone flames me, consider that
this is a serious question and I am very interested in the answer.





Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Rick Updegrove
- Original Message -
From: "Matt Simerson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 27, 2003 7:21 AM
Subject: [vchkpw] Inter7 mail server doesn't have reverse DNS!

> I started blocking connections to my mail server from servers who don't
> have DNS and my vpopmail and qmailadmin list traffic stopped.

Matt,

How much actual SPAM did your "now-misconfigured mailserver" actually block
with this tactic during that time?  Before anyone flames me, consider that
this is a serious question and I am very interested in the answer.

Thanks.


Rick Up





RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Wil Hatfield - HVHM Customer Care
OH GOODNESS! My votes...
top post etiquette ridiculous,
reverse name lookup dangerous (but I like it).

My first impression is that you all meant that the @domain.com has to have a
reverse lookup, which I hope everyone knows would be catistrophic since only
the machines themselves will typically have lookups. Virtual domains rarely
do. So I hope this isn't the case.

But if you are talking about doing a lookup on the machines domain name that
should work out fine as long as it doesn't have to match just have a
positive result. For instance good old Inter7 here uses evanston.inter7.com
but has a reverse lookup of mail.inter7.com. If the original poster is
forcing it to match he wouldn't get his emails from Inter7.

Now back to assisting that original poster and myself. Can someone please
tell us how to implement the reverse name lookup hack? It should verify the
machine name and not require a match just check that is actually has a
lookup.  As for sending an error back to the server isn't that a little
useless? If we are not accepting because the server really isn't there then
where do we expect the error to go. Or are we just sending the error back to
the client?

Let's turn this into a productive post please. If I wanted to see a bunch of
flamage I would subscribe to a MicroSuck list.

Wil Hatfield









Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Andrew Kohlsmith
> diversion. in short: the original claim was baseless. No mailserver is
> broken for refusing messages from sites that have no in-addr.arpa in place.

Please.

"No mailserver is broken for refusing messages from sites run by [ethnic 
group]."
"No mailserver is broken for refusing messages from sites with an even IP 
address."
"No mailserver is broken for refusing messages delivered by air-mail."

There is no guideline saying that servers MUST refuse mail from sites with no 
in-addr.arpa.  Therefore your stance is on shaky ground -- you are going 
above and beyond the relevant RFCs that the protocol relies on to achieve a 
goal.  "Embrace and extend," anyone?

You don't mind rejecting mail based on lack of in-addr.arpa.  I do.  Who 
cares?  When your customers come to you and say that they aren't getting mail 
and you ask the other ISP to fix their problem and they won't, who's at 
fault?  You are in this case, because you are going above and beyond what the 
RFC dictates as minimum requirements.  

There is nothing stating you can't have a nameserver without a valid reverse 
lookup, and if you are expecting the world to follow you, you have delusions 
of grandeur.  Whether that is acceptable to you or not is your (and your 
customer's) worry, not mine.  I am under no obligation to correct my 
"mistake" simply because you don't like it and have configured your servers 
not to like it.

Regards,
Andrew



RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Paul Theodoropoulos
At 09:43 AM 03-27-2003, Ron Guerin wrote:
> On Thu, 2003-03-27 at 12:40, Paul Theodoropoulos wrote:
>
> > translation: "i don't know the RFC's, I have no basis for claiming that
> > other's mailserver are broken, and I'll continue to evade directly
> > confronting my error and apologizing for my mistaken claim by pretending to
> > take 'the high road'"
>
> I'm not mistaken, I'm just not interested in your diversion.  The RFCs
> also don't say it's wrong to reject every third connection.
>
> > you didn't say "what a bad idea it is". you said his mailserver was broken.
> > prove it. put up or shut up.
>
> Oh please.  Get a clue you ass.

lacking a cogent argument, he resorts to ad hominem. a classic rhetorical 
diversion. in short: the original claim was baseless. No mailserver is 
broken for refusing messages from sites that have no in-addr.arpa in place.



Paul Theodoropoulos
http://www.anastrophe.com
http://folding.stanford.edu
The Nicest Misanthrope on the Net 





RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Ron Guerin
On Thu, 2003-03-27 at 12:40, Paul Theodoropoulos wrote:

> translation: "i don't know the RFC's, I have no basis for claiming that 
> other's mailserver are broken, and I'll continue to evade directly 
> confronting my error and apologizing for my mistaken claim by pretending to 
> take 'the high road'"

I'm not mistaken, I'm just not interested in your diversion.  The RFCs
also don't say it's wrong to reject every third connection.

> you didn't say "what a bad idea it is". you said his mailserver was broken. 
> prove it. put up or shut up.

Oh please.  Get a clue you ass.

- Ron




RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Paul Theodoropoulos
At 09:32 AM 03-27-2003, Ron Guerin wrote:
> On Thu, 2003-03-27 at 12:22, Paul Theodoropoulos wrote:
>
> > rather than trumping up your argument with etiquette fascism, how about
> > pointing out a relevant RFC that backs up your [baseless] opinion that a
> > mailserver must accept messages from a site without reverse DNS?
>
> Please, spare me your righteous anger.  You may continue to operate a
> broken mail server.  I never said you couldn't.  I frankly don't care
> who you don't get mail from.  My mistake for letting the other fellow
> know what a bad idea it is.

translation: "i don't know the RFC's, I have no basis for claiming that 
other's mailserver are broken, and I'll continue to evade directly 
confronting my error and apologizing for my mistaken claim by pretending to 
take 'the high road'"

you didn't say "what a bad idea it is". you said his mailserver was broken. 
prove it. put up or shut up.

Paul Theodoropoulos
http://www.anastrophe.com
http://folding.stanford.edu
The Nicest Misanthrope on the Net 





RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Ron Guerin
On Thu, 2003-03-27 at 12:22, Paul Theodoropoulos wrote:

> rather than trumping up your argument with etiquette fascism, how about 
> pointing out a relevant RFC that backs up your [baseless] opinion that a 
> mailserver must accept messages from a site without reverse DNS?

Please, spare me your righteous anger.  You may continue to operate a
broken mail server.  I never said you couldn't.  I frankly don't care
who you don't get mail from.  My mistake for letting the other fellow
know what a bad idea it is.

- Ron




RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Paul Theodoropoulos
At 08:12 AM 03-27-2003, Ron Guerin wrote:
> On Thu, 2003-03-27 at 11:05, Nick Harring wrote:
>
> > Rather than questioning why we would refuse to accept from
> > non-reversible hosts, why don't we ask why anyone would set a host up
> > without reverse DNS?
>
> Rather than question why you've deliberately broken your mail server, I
> should explain to you why some people running legit servers don't comply
> with your arbitrary requirements?
>
> A better question is why I'm wasting my time trying to explain things to
> someone who top-posts and sends HTML to mailing lists.

rather than trumping up your argument with etiquette fascism, how about 
pointing out a relevant RFC that backs up your [baseless] opinion that a 
mailserver must accept messages from a site without reverse DNS?

ever heard of RFC 2505? apparently not.

Paul Theodoropoulos
http://www.anastrophe.com
http://folding.stanford.edu
The Nicest Misanthrope on the Net 





Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Rick Root
I don't want to be rude or anything... but what does this thread have to 
do with vpopmail?

Please take your holy wars elsewhere.

The original poster should've emailed the people at Inter7 rather than 
this list.

Rick




RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Paul Theodoropoulos
At 08:01 AM 03-27-2003, Ron Guerin wrote:
> On Thu, 2003-03-27 at 10:55, Nick Harring wrote:
> > We currently run our hosted systems requiring reverse DNS and haven't
> > really had any complaints about mail not being received. While there's
> > no rule requiring reverse DNS, systems without it are much more likely
> > to be spam originators in my experience with our system. The few
> > systems I've come across that legitimately send mail but had broken
> > reverse DNS were more than happy, and able, to fix it quickly and
> > understood immediately the point of rejecting connections on such a
> > condition.
>
> If you've chosen to deliberately break your mail server like this, that
> is of course your choice to make.  I just hope you've informed your
> customers.

Please provide a reference to a requirement that a mailserver must accept 
mail from sources that do not have reverse DNS in place. For that matter, 
please provide a reference to a requirement that a mailserver must accept 
mail, regardless of reason.

It's one thing to say "if you've chosen to deliberately run your mail 
server like this",  it's entirely different to claim that a mailserver is 
"broken" by running it like this.



Paul Theodoropoulos
http://www.anastrophe.com
http://folding.stanford.edu
The Nicest Misanthrope on the Net 





Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Matt Simerson
Oh my, Nick top-posted. Quickly, someone call out the firing squad.

Where you choose to reply to in a message body is a matter of personal  
preference. It is NOT a breach of email etiquette to prefer a way other  
than your personal preference. In a list thread, many tend to prefer a  
top-post as it's assumed that they've already read the thread and thus  
no longer have a need for what follows, except possibly as a reference  
(hence the choice to include rather than snip it). The rules of email  
etiquette exist for the benefit of email users, not for anal retentive  
users to LART others with.

On to the matter of DNS blocks; we aren't going to agree on this  
matter. You consider my mail server broken. I consider it optimized. I,  
and many others, will continue to block connections from mail servers  
without reverse DNS. Live with it.

Per Arie's question on exactly what I block based upon, it's quite  
simple. Your reverse DNS must be set. Period. It doesn't have to match.  
Asking it to match would be, IMHO, a bad idea. The how is quite simple:

Contents of  ~vpopmail/etc/tcp.smtp

  1. 127.:allow,RELAYCLIENT=""
  2. 209.218.8.2:allow
  3. =:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
  4. :allow,RBLSMTPD="Blocked - Reverse DNS queries for your IP fail. You cannot send me mail."
  5. #:allow,RBLSMTPD="-Blocked - Reverse DNS queries for your IP fail. You cannot send me mail."

1. Obvious, allowing localhost to relay.
2. Allows traffic from the inter7 mailing list (with no reverse DNS)
3. Matches any mail message with reverse dns.
4. Matches what's left (no reverse DNS). By setting the RBLSMTPD  
environment variable, we actually get to pass a message back to the  
mail server we're blocking telling them why. That gives them a chance  
to fix it before the message bounces.

They'll get a message like this in their mail logs:

   Mar 27 08:40:43 seattle qmail: 1048783243.397888 info msg 6469: bytes 258 from <[EMAIL PROTECTED]> qp 13226 uid 0
   Mar 27 08:40:43 seattle qmail: 1048783243.438981 starting delivery 533: msg 6469 to remote [EMAIL PROTECTED]
   Mar 27 08:40:43 seattle qmail: 1048783243.979048 delivery 533: deferral: 207.89.154.94_does_not_like_recipient./Remote_host_said:_451_Blocked_-_Reverse_DNS_queries_for_your_IP_failed._You_cannot_send_me_mail./Giving_up_on_207.89.154.94./
   Mar 27 08:40:43 seattle qmail: 1048783243.979779 status: local 0/10 remote 0/2

5. If you want to be a little more aggressive about it, use the 5th  
line instead of the fourth. Notice the '-' character in there. That  
tells rblsmtpd to return a permanent error (ie, don't try again!).

   Mar 27 08:42:40 seattle qmail: 1048783360.776812 info msg 6475: bytes 250 from <[EMAIL PROTECTED]> qp 13464 uid 0
   Mar 27 08:42:40 seattle qmail: 1048783360.805534 starting delivery 534: msg 6475 to remote [EMAIL PROTECTED]
   Mar 27 08:42:41 seattle qmail: 1048783361.259737 delivery 534: failure: 207.89.154.94_does_not_like_recipient./Remote_host_said:_553_Blocked_-_Reverse_DNS_queries_for_your_IP_fail._You_cannot_send_me_mail./Giving_up_on_207.89.154.94./
   Mar 27 08:42:41 seattle qmail: 1048783361.269637 bounce msg 6475 qp 13467
   Mar 27 08:42:41 seattle qmail: 1048783361.270564 end msg 6475

Notice that in the second case, the message bounces immediately. It's  
your mail server, you have to decide what policy you think is best.  
Bouncing messages seems to get more attention, and gets it faster than  
deferring connections.

That's all there is to it. Of course, that assumes you are running  
rblsmtpd as part of your smtp invocation.

Matt

On Thursday, March 27, 2003, at 11:12  AM, Ron Guerin wrote:

> On Thu, 2003-03-27 at 11:05, Nick Harring wrote:
>
> > Rather than questioning why we would refuse to accept from
> > non-reversible hosts, why don't we ask why anyone would set a host up
> > without reverse DNS?
>
> Rather than question why you've deliberately broken your mail server, I
> should explain to you why some people running legit servers don't comply
> with your arbitrary requirements?
>
> A better question is why I'm wasting my time trying to explain things to
> someone who top-posts and sends HTML to mailing lists.
>
> - Ron
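
The rule matching and the 451/553 behaviour described in Matt Simerson's message above, as an added example that is not part of the original post and is not code from ucspi-tcp: it emulates the order in which tcpserver looks up tcprules addresses and how rblsmtpd reacts to $RBLSMTPD. Assumptions: the 192.0.2.x addresses and mail.example.org are constructed, the ident ($TCPREMOTEINFO) lookups are omitted, and rblsmtpd's own RBL list queries are not emulated.

```python
"""Emulates tcpserver's rule lookup and rblsmtpd's handling of $RBLSMTPD."""
from collections import namedtuple

# Rules as posted in the message; only the '#' moves between the two variants.
COMMON = (
    '127.:allow,RELAYCLIENT=""\n'
    '209.218.8.2:allow\n'
    '=:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"\n'
)
MSG = "Blocked - Reverse DNS queries for your IP fail. You cannot send me mail."
SOFT = ':allow,RBLSMTPD="%s"\n' % MSG      # line 4: temporary error
HARD = ':allow,RBLSMTPD="-%s"\n' % MSG     # line 5: permanent error
RULES_DEFER = COMMON + SOFT + "#" + HARD   # file as posted
RULES_REJECT = COMMON + "#" + SOFT + HARD  # line 5 used instead of line 4

Decision = namedtuple("Decision", "rule action code text")


def parse_rules(text):
    """Parse tcprules source into {address: (action, env)}; '#' lines are comments."""
    rules = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        address, _, rest = line.partition(":")   # IPv4 only in this sketch
        action, _, tail = rest.partition(",")
        env = {}
        while tail:
            name, _, tail = tail.partition("=")
            if not tail:
                raise ValueError("missing value in rule: %r" % line)
            quote, tail = tail[0], tail[1:]      # first char after '=' delimits the value
            value, found, tail = tail.partition(quote)
            if not found:                        # this sketch rejects a missing closing quote
                raise ValueError("unterminated value in rule: %r" % line)
            env[name] = value
            tail = tail.lstrip(",")
        rules[address] = (action, env)
    return rules


def lookup_order(ip, host=None):
    """Addresses tcpserver tries, most specific first (ident forms omitted)."""
    keys = [ip]
    if host:
        keys.append("=" + host)
    octets = ip.split(".")
    keys += [".".join(octets[:n]) + "." for n in (3, 2, 1)]
    if host:
        labels = host.split(".")
        keys += ["=." + ".".join(labels[i:]) for i in range(1, len(labels))]
        keys.append("=")                         # any host that has a PTR name
    keys.append("")                              # catch-all: what is left
    return keys


def decide(rules, ip, host=None):
    """host is the PTR name tcpserver resolved ($TCPREMOTEHOST), or None."""
    key = next((k for k in lookup_order(ip, host) if k in rules), None)
    if key is None:
        return Decision(None, "allow", None, None)
    action, env = rules[key]
    text = env.get("RBLSMTPD", "")
    if action != "allow" or not text:
        # Unset or empty $RBLSMTPD: this rule itself blocks nothing.
        return Decision(key, action, None, None)
    if text.startswith("-"):
        return Decision(key, action, 553, text[1:])   # permanent, sender bounces
    return Decision(key, action, 451, text)           # temporary, sender retries
```

Because the exact-IP entry is tried before the empty-string entry, the `209.218.8.2:allow` line exempts the list server even though it has no PTR record.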






RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Rick Romero

Just because I feel like a smart-ass today.. 

I suppose the rule about top posting is 'posted' right next to the
reverse DNS one?

Look at that.. now it's all out of order.. :P

On Thu, 2003-03-27 at 10:12, Ron Guerin wrote:
> On Thu, 2003-03-27 at 11:05, Nick Harring wrote:
> 
> > Rather than questioning why we would refuse to accept from
> > non-reversible hosts, why don't we ask why anyone would set a host up
> > without reverse DNS?
> 
> Rather than question why you've deliberately broken your mail server, I
> should explain to you why some people running legit servers don't comply
> with your arbitrary requirements?
> 
> A better question is why I'm wasting my time trying to explain things to
> someone who top-posts and sends HTML to mailing lists.
> 
> - Ron





RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Ron Guerin
On Thu, 2003-03-27 at 11:05, Nick Harring wrote:

> Rather than questioning why we would refuse to accept from
> non-reversible hosts, why don't we ask why anyone would set a host up
> without reverse DNS?

Rather than question why you've deliberately broken your mail server, I
should explain to you why some people running legit servers don't comply
with your arbitrary requirements?

A better question is why I'm wasting my time trying to explain things to
someone who top-posts and sends HTML to mailing lists.

- Ron




RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Nick Harring
As I said, we've yet to receive more than a handful of complaints, and all of those have been from remote mail admins who've noticed bounces and conscientiously investigated them. When I explained to each what we're doing and why, and if needed how to fix their setup, they've all been happy they got their reverse DNS setup. 

Rather than questioning why we would refuse to accept from non-reversible hosts, why don't we ask why anyone would set a host up without reverse DNS?

Nicholas Harring
System Administrator
Webley Systems, Inc
877-609-4795



-Original Message-
From: Ron Guerin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 27, 2003 10:02 AM
To: vpopmail
Subject: RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!



On Thu, 2003-03-27 at 10:55, Nick Harring wrote:
> We currently run our hosted systems requiring reverse DNS and haven't
> really had any complaints about mail not being received. While there's
> no rule requiring reverse DNS, systems without it are much more likely
> to be spam originators in my experience with our system. The few
> systems I've come across that legitimately send mail but had broken
> reverse DNS were more than happy, and able, to fix it quickly and
> understood immediately the point of rejecting connections on such a
> condition.


If you've chosen to deliberately break your mail server like this, that
is of course your choice to make.  I just hope you've informed your
customers.


- Ron






RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Ron Guerin
On Thu, 2003-03-27 at 10:55, Nick Harring wrote:
> We currently run our hosted systems requiring reverse DNS and haven't
> really had any complaints about mail not being received. While there's
> no rule requiring reverse DNS, systems without it are much more likely
> to be spam originators in my experience with our system. The few
> systems I've come across that legitimately send mail but had broken
> reverse DNS were more than happy, and able, to fix it quickly and
> understood immediately the point of rejecting connections on such a
> condition.

If you've chosen to deliberately break your mail server like this, that
is of course your choice to make.  I just hope you've informed your
customers.

- Ron





Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Matt Simerson
On Thursday, March 27, 2003, at 10:35  AM, Ron Guerin wrote:

> On Thu, 2003-03-27 at 10:21, Matt Simerson wrote:
> > Apparently a server named "ns1.inter7.com" is doing the delivery for
> > the vchkpw mailing list. This wouldn't be a problem except that it
> > doesn't have reverse DNS.
> >
> > I started blocking connections to my mail server from servers who don't
> > have DNS and my vpopmail and qmailadmin list traffic stopped.
>
> You'll be losing a lot more legit mail than just this list if you do
> that.
>
> - Ron

I have managed several dozen mail systems supporting over 100,000 
users. I am not naive to that simple fact. However, this is my personal 
mail server and I've decided that if you can't set up DNS for your mail 
server properly, I don't want to receive mail from you. It's that 
simple.

In this case, I'm sure it's an oversight on the part of the Inter7 
guys. As soon as they get it straightened out, I'll be once again 
blocking connections from servers without reverse DNS. I'm writing a 
logging program that parses out log smtp logs and lets me know how many 
connections I've blocked, which rule blocked the connection (spamhaus, 
spamcop, rbl, reverse dns, etc), and the IP I blocked.

Matt




RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Frank Tanner III
It is becoming more and more prevalent that ISPs are
denying receipt of e-mails that do not have a reverse
DNS on their e-mail domains.  Mainly because of so
many spammers using forged headers.

--- Nick Harring <[EMAIL PROTECTED]> wrote:
> We currently run our hosted systems requiring
> reverse DNS and haven't really
> had any complaints about mail not being received.
> While there's no rule
> requiring reverse DNS, systems without it are much
> more likely to be spam
> originators in my experience with our system. The
> few systems I've come
> across that legitimately send mail but had broken
> reverse DNS were more than
> happy, and able, to fix it quickly and understood
> immediately the point of
> rejecting connections on such a condition.
> 
> Nicholas Harring
> System Administrator
> Webley Systems, Inc
> 877-609-4795
> 
> 
> -Original Message-
> From: Andrew Kohlsmith
> [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 27, 2003 9:47 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [vchkpw] Inter7 mail server doesn't
> have reverse DNS!
> 
> 
> > You'll be losing a lot more legit mail than just
> this list if you do
> > that.
> 
> Agreed.  There is no rule that demands reverse DNS. 
> It's a nicety and
> that's 
> it.
> 
> Regards,
> Andrew
> 




RE: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Nick Harring
We currently run our hosted systems requiring reverse DNS and haven't really had any complaints about mail not being received. While there's no rule requiring reverse DNS, systems without it are much more likely to be spam originators in my experience with our system. The few systems I've come across that legitimately send mail but had broken reverse DNS were more than happy, and able, to fix it quickly and understood immediately the point of rejecting connections on such a condition.

Nicholas Harring
System Administrator
Webley Systems, Inc
877-609-4795



-Original Message-
From: Andrew Kohlsmith [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 27, 2003 9:47 AM
To: [EMAIL PROTECTED]
Subject: Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!



> You'll be losing a lot more legit mail than just this list if you do
> that.


Agreed.  There is no rule that demands reverse DNS.  It's a nicety and that's 
it.


Regards,
Andrew





Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Andrew Kohlsmith
> You'll be losing a lot more legit mail than just this list if you do
> that.

Agreed.  There is no rule that demands reverse DNS.  It's a nicety and that's 
it.

Regards,
Andrew



Re: [vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Ron Guerin
On Thu, 2003-03-27 at 10:21, Matt Simerson wrote:
> Apparently a server named "ns1.inter7.com" is doing the delivery for 
> the vchkpw mailing list. This wouldn't be a problem except that it 
> doesn't have reverse DNS.
> 
> I started blocking connections to my mail server from servers who don't 
> have DNS and my vpopmail and qmailadmin list traffic stopped.

You'll be losing a lot more legit mail than just this list if you do
that.

- Ron




[vchkpw] Inter7 mail server doesn't have reverse DNS!

2003-03-27 Thread Matt Simerson
Apparently a server named "ns1.inter7.com" is doing the delivery for 
the vchkpw mailing list. This wouldn't be a problem except that it 
doesn't have reverse DNS.

I started blocking connections to my mail server from servers who don't 
have DNS and my vpopmail and qmailadmin list traffic stopped. After a 
day of no messages, I determined that by then I really *should* have 
had some messages arrive. I removed my DNS checks and voila, mailing 
list messages started flowing in.

Someone at Inter7 ought to have a look at that. Ken? Vol?

Matt

[EMAIL PROTECTED]:/var/log/mail/smtp # dig ns1.inter7.com.
;; ANSWER SECTION:
ns1.inter7.com. 2d23h56m3s IN A  209.218.8.2
[EMAIL PROTECTED]:/var/log/mail/smtp # dig -x 209.218.8.2

; <<>> DiG 8.3 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;  2.8.218.209.in-addr.arpa, type = ANY, class = IN
Delivered-To: mailing list [EMAIL PROTECTED]
Received: (qmail 60493 invoked by uid 85); 27 Mar 2003 14:15:27 -
Received: from [EMAIL PROTECTED] by 
cadillac.mi.us by uid 89 with qmail-scanner-1.15  (spamassassin: 2.44.  
Clear:SA:0(-0.5/10.0):.  Processed in 1.900033 secs); 27 Mar 2003 
14:15:27 -
Received: from unknown (HELO ns1.inter7.com) (209.218.8.2) by 
matt-serv2.cdlc.mi.voyager.net with SMTP; 27 Mar 2003 14:15:25 -