NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2007-07

Re: reverse mapping

From: David H. Wolfskill (David_Wolfskilltrendmicro.com)
Date: Tue Jul 03 2007 - 20:24:47 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jul 03, 2007 at 09:06:55PM -0400, Brock Palen wrote:
>....
>How much trouble will I have that the MX record for domain2.com point
>to a A record and the reverse for that same ip be a different name.
>Does this reak of spoofing?
>
>I have had no complaints for lost mail or users mail being rejected
>(or just disappearing) Per the comment about 'you have to play with
>the big guys' Last thing i want to do is upset my users. Your much
>more experienced input is requested.
>Thank-you in advance.

This may not qualify as relevant to "playing with the big guys," but one
of my other roles is postmasterFreeBSD.org, which uses Postfix in its
email infrastructure.

The salient requirements in place for mail to be accepted by
mx1.freebsd.org are:

* the IP address of the SMTP client must "reverse-resolve" to a
hostname and

* the hostname thus obtained must resolve to a set of IP addresses,
one of which must match the IP address currently being used by
the SMTP client and

* the (fully-qualified) hostname given in the SMTP conversation
(either HELO or EHLO) must resolve a set of IP addresses, one of
which must match the IP address of the client.

Note that this permits mail to be accepted even if the PTR record in
the in-addr.arpa zone yields a hostname other than the one used by the
SMTP client -- as long as the hostname obtained via the PTR record has
an A record that is consistent with the PTR record, and as long as the
SMTP client is reasonable about the hostname it announces in EHLO/HELO.

[No, I can't claim credit for setting this up; that was done prior to
my tenure with the FreeBSD project.]

Peace,
david (not writing on behalf of Trend Micro or anyone else)
--
David Wolfskill Trend Micro San Jose dhwmail-abuse.org
cell: (650) 400-2312 office: (408) 625-1076 or (408) 453-6277 x124

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iEYEARECAAYFAkaK9t4ACgkQ8BAuT70V4ALINQCgiqgTtoVKy8p8ZKuK8BQSNjM5
Nb8An1JjKRtN7TCswDGFoRllFKNVh7Cn
=qbuO
-----END PGP SIGNATURE-----

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]