On 24.11.2015 at 19:47, David Jones wrote:
Could this be dependent on the MTA used? I am using Postfix which puts in Received headers like this:

Received: from econnect.dmsgs.com (unknown [8.224.216.57])

That IP has a PTR record but it doesn't match the SMTP HELO of econnect.dmsgs.com so Postfix is putting in the 'unknown' causing the RDNS_NONE hit on more than just no rDNS. This has been true for years in my SpamAssassin platform filtering about 95K mailboxes so in my case, the RDNS_NONE does mean a FCrDNS (full circle DNS) check failed and the wiki is correct. Maybe this SA rule works differently on other MTAs
and that is why I call it harmful to completely rely on the Received header instead of doing the DNS lookup based on the IP, which would have a lot of advantages:

* less error prone
* even when the MTA had a timeout, there is a chance that this DNS request gets answered properly; the MTA treats a timeout *completely* differently and would *not* reject a mail if the answer is not an NXDOMAIN, even if it is configured to reject clients without a PTR
* SpamAssassin has *no clue* what the "unknown" means; it could have been a timeout or an NXDOMAIN

disadvantages - zero - there is no overhead for a cached DNS query
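Added example, not part of either message: a Python sketch of the lookup-by-IP approach argued for in the reply above, showing that the single `unknown` token in a Postfix Received header can stand for several different DNS outcomes. The resolver is a hypothetical stub fed with constructed records (`host57.example.net`, the 192.0.2.x addresses), and the outcome labels and function names are illustrative assumptions, not SpamAssassin or Postfix identifiers.

```python
import re

class NXDomain(Exception):
    """Authoritative answer: the name or PTR record does not exist."""
class DNSTimeout(Exception):
    """No answer in time: a temporary failure, not proof of absence."""

# Postfix style: "Received: from <helo> (<client name> [<IPv4>])"
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)")

def parse_received(header):
    """Return (helo, client_name, ip) from a Postfix Received header."""
    m = RECEIVED_RE.search(header)
    if m is None:
        raise ValueError("not a Postfix-style Received header")
    return m.groups()

def classify_rdns(ip, ptr_lookup, addr_lookup):
    """Full-circle rDNS check by IP that keeps the failure reason."""
    try:
        names = ptr_lookup(ip)
    except NXDomain:
        return "no_ptr"          # definitive: no PTR record
    except DNSTimeout:
        return "tempfail"        # unknown state, worth a retry
    timed_out = False
    for name in names:
        try:
            if ip in addr_lookup(name):
                return "fcrdns_ok"
        except NXDomain:
            pass                 # PTR target does not resolve
        except DNSTimeout:
            timed_out = True
    return "tempfail" if timed_out else "forward_mismatch"

def stub(table):
    """Hypothetical resolver: values are record lists or an exception class."""
    def lookup(key):
        value = table.get(key, NXDomain)
        if isinstance(value, list):
            return value
        raise value(key)
    return lookup

# Constructed records; only the first IP appears in the thread.
PTR = stub({"8.224.216.57": ["host57.example.net"],
            "192.0.2.20": DNSTimeout, "192.0.2.30": ["mx.example.org"]})
ADDR = stub({"host57.example.net": ["198.51.100.7"],
             "mx.example.org": ["192.0.2.30"]})
HEADER = "Received: from econnect.dmsgs.com (unknown [8.224.216.57])"
```

A filter working from this result could treat `tempfail` differently from `no_ptr` or `forward_mismatch`, which the `unknown` token in the header does not allow.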