Joe Smith wrote:
> I'm using SpamAssassin 3.0 when I use whitelist_from_rcvd with domain
> names that reverse to only one possible domain it works just as it
> should. When the domain name is one that has multiple possibilities
> that it can reverse dns to then it doesn't work unless it happens to
> pick the domain name listed in my whitelist_rcvd_to entry.

This is a DNS resolver library/client (not sure which) issue more than
anything else;  although it's also due in part to some admin being
slightly less clueful that usual in issuing multiple PTR records for a
single IP in the first place.

> For example,
> if I create an entry for whitelist_from_rcvd [EMAIL PROTECTED]
> domain1.com but the server hosting domain1.com also hosts
> domain2.com, anotherdomain.com and anotherdomain.net, I have
> problems. Say the server that hosted email for the domain I wanted to
> whitelist had an ip of 123.123.123.1 and I did dig -x 123.123.123.1,
> it would give me all the various domains that that address is
> configured for.

dig will, but many other resolvers won't- or at least, they'll just
return one random entry in much the same way they would return one IP
from a round-robin forward DNS lookup.

> Do I need to specify the IP address of the
> server using multiple dns entries to get whitelist_from_rcvd to work

You can try, but I don't think this will work.

> or should this not be an issue and I need to look at other reasons
> why this particular domain is causing problems.

:/  You need to contact the person/organization responsible for rDNS for
that IP, and get them to remove the multiple entries- preferably putting
in something like "hosted-rmx.hostingcompany.com" rather than the
multiple PTR records you're seeing now.

I don't recall if it's formalized in an RFC somewhere, but while any
number of domains can point to the same IP, the rDNS for that IP
*should* only point to ONE hostname - that hostname should be the FQDN
of that physical machine.

In the meantime, you'll have to work around this with custom local rules
that manually implement whitelist_from_rcvd functionality based on the
IP.  Or, just add whitelist_from_rcvd entries for each of the rDNS names
you see for this IP.

-kgd
-- 
Get your mouse off of there!  You don't know where that email has been!

Reply via email to