On 2/10/2011 2:30 PM, Michael Scheidell wrote:
host mx1.res.cisco.com
mx1.res.cisco.com has address 208.90.57.13
$ host 208.90.57.13
13.57.90.208.in-addr.arpa domain name pointer mx1.res.cisco.com.
looks fine to me, why does this look to SA like a dynamic ip?
(TRIGGERED RDNS_DYNAMIC.)
what, because of 'res' in it? yes, they SHOUTED AT THE RECIPIENT, AND I
EXPLAINED DON'T DO THAT IN SUBJECT LINE, its rude.
The RDNS_DYNAMIC rule might be better to be replaced by the more precise
S25R-based patterns in KHOP_DYNAMIC. Care enough? Please file a bug
and look into the relative results of the masschecks to start an analysis.
Warren
