>From: Reindl Harald <h.rei...@thelounge.net>
>Sent: Tuesday, November 24, 2015 1:01 PM
>To: users@spamassassin.apache.org
>Subject: Re: question re/ RDNS_NONE
>
>On 24.11.2015 at 19:47, David Jones wrote:
>> Could this be dependent on the MTA used? I am using Postfix
>> which puts in Received headers like this:
>>
>> Received: from econnect.dmsgs.com (unknown [8.224.216.57])
>>
>> That IP has a PTR record but it doesn't match the SMTP HELO of
>> econnect.dmsgs.com so Postfix is putting in the 'unknown' causing
>> the RDNS_NONE hit on more than just no rDNS.
>>
>> This has been true for years in my SpamAssassin platform
>> filtering about 95K mailboxes so in my case, the RDNS_NONE
>> does mean a FCrDNS (full circle DNS) check failed and the wiki
>> is correct.
>>
>> Maybe this SA rule works differently on other MTAs
>
>and that is why I call it harmful to completely rely on the Received
>header instead of doing the DNS lookup based on the IP which would have a
>lot of advantages:
>
>* less error prone
>* even when the MTA had a timeout a chance that this
>  DNS request gets answered properly, the MTA treats
>  a timeout *completely* different and would *not*
>  reject a mail if the answer is not an NXDOMAIN even
>  if it is configured for reject clients without a PTR
>* SpamAssassin has *no clue* what the "unknown" means
>  it could have been a timeout or a NXDOMAIN
>
>disadvantages - zero - there is no overhead for a cached DNS query

I agree with you if the SA server is configured with a local caching DNS
server that is not forwarding and the /etc/resolv.conf is pointing to
127.0.0.1. We have seen a number of people ask for help on this mailing
list because their DNS was not set up like this, which means SA would
generate a lot more queries to the ISP or Internet DNS servers, compounding
the problem with free usage limits on some RBLs.
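
The distinction argued over in this thread, as an added example that is not part of the original messages and is not SpamAssassin or Postfix code: three Received headers that all carry `unknown` in the rDNS field, and the three different results an FCrDNS lookup on the IP would give. The DNS tables, function names and verdict labels are assumptions made for illustration; the addresses are constructed from documentation ranges.

```python
import re

class NXDomain(Exception): pass
class DNSTimeout(Exception): pass

# Constructed DNS data (documentation address ranges), not real records.
PTR = {"192.0.2.10": "mail.example.net", "192.0.2.20": "host.example.org"}
A = {"mail.example.net": ["192.0.2.10"], "host.example.org": ["198.51.100.5"]}
SLOW = {"192.0.2.30"}  # reverse zone whose name servers do not answer in time

def lookup_ptr(ip):
    """Stand-in for a reverse lookup against a local caching resolver."""
    if ip in SLOW:
        raise DNSTimeout(ip)
    if ip not in PTR:
        raise NXDomain(ip)
    return PTR[ip]

def lookup_a(name):
    """Stand-in for the forward lookup of the PTR name."""
    if name not in A:
        raise NXDomain(name)
    return A[name]

def fcrdns(ip, ptr=lookup_ptr, fwd=lookup_a):
    """Full-circle check: IP -> PTR name -> A records, which must contain IP."""
    try:
        name = ptr(ip)
    except NXDomain:
        return "no_ptr"            # the only case that is literally "no rDNS"
    except DNSTimeout:
        return "tempfail"          # state unknown; not evidence of a missing PTR
    try:
        addrs = fwd(name)
    except NXDomain:
        return "forward_mismatch"  # PTR exists but its name does not resolve
    except DNSTimeout:
        return "tempfail"
    return "pass" if ip in addrs else "forward_mismatch"

# Header layout as quoted in the thread: from HELO (rdns [ip])
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)")

def explain(header):
    """Return (rDNS field the MTA wrote, verdict from looking up the IP)."""
    m = RECEIVED_RE.search(header)
    if not m:
        return None
    _helo, rdns, ip = m.groups()
    return rdns, fcrdns(ip)
```

A filter that reads only the header field sees the same `unknown` for all three clients; a filter that queries by IP can score `no_ptr`, `forward_mismatch` and `tempfail` differently.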