On 13 May 2016, at 15:29, Daniel J. Luke wrote:
On May 13, 2016, at 2:26 PM, Kim Roar Foldøy Hauge <k...@samfunnet.no>
wrote:
This is NOT a practical solution. You can't expect administrators to
know about this problem, some styles of hostnames not playing well
with SA.
Note that this isn't just a 'spamassassin' issue. You will likely
experience delivery problems to many hosts as long as your dns or rdns
'looks like' a dynamic system.
While you are at it, make sure your forward and reverse dns match.
1. Use of generic 2nd person is really inappropriate here. The DNS
involved isn't under the control of anyone in the conversation, so even
if we stipulate that something about the naming is bad and/or wrong,
there's no "you" here responsible for any error.
2. The original case in question of webmail-201.76.63.163.ig.com.br has
a perfectly find A record resolving to 201.76.63.163, which has a PTR
resolving back to webmail-201.76.63.163.ig.com.br. So the HELO name is
perfectly consistent with DNS. Nothing to fix there.
3. Yes, as a practical matter a mail system architect should be aware of
the fact that names which obviously embed IP addresses are viewed with
suspicion and avoid them. That's not an issue of principle, it is an
issue of recognizing the pragmatic fact that Sturgeon's Law applies to
the population of people deploying heuristic spam filters. A competing
pragmatic constraint: devising a scalable simple naming scheme for a
complex mail system with functionally identical machines whose only
obvious differentiator is each one's unique IP address.
4. The fact that SA is probably not alone in detecting that as a dynamic
name is no excuse. Note the relevant rule definition:
meta HELO_DYNAMIC_IPADDR (__HELO_DYNAMIC_IPADDR &&
!HELO_STATIC_HOST)
So a framework is already in place by which exceptions are made to the
blanket arbitrary commandment that "Thou Shalt Not Embed IPs In Outbound
Mail Server Names!" Currently that's trivial: there's one exception, for
cmr-[IP].rogers.com names. I see no reason not to add an exception for
webmail-[IP].ig.com.br names, as there is clearly an intent by whoever
created HELO_DYNAMIC_IPADDR to make it smarter than your average random
mail admin writing regexes.