
[SC-Help] Re: How to Handle Reverse Delegation for Multi-IP mail Host

Blammo ric.gates at bigsleep.org
Thu Jan 6 03:27:25 EST 2005


On 05 Jan 2005 Will entered spamcop.help and left
news:crhbal$849$1 at news.spamcop.net: 

> The problem is that the *forward* lookup on host.mysite.com will give
> *two* IP addresses.   And what I am asking is will that cause problems
> for all of these virus checkers out there that are rejecting 1/2 the
> valid e-mail they receive from business correspondents based on some
> minute imperfection in the DNS record setup.    If most software will
> only use the host announcement by sendmail and a reverse IP lookup,
> then it is okay.   If software does a forward lookup and is not
> written to deal with more than one IP, then it could cause problems.
> 

That's interesting, but I don't think it should be a problem, not that I 
know a whole lot about DNS forward records. For example when Sendmail 
checks a connection it looks up the hostname for the connecting IP, then 
looks up the IP for that hostname. If they don't match it returns FORGED so 
that you may reject this type of mail...

${client_resolve}
    Holds the result of the resolve call for ${client_name}. Possible 
values are:

        OK resolved successfully
        FAIL permanent lookup failure
        FORGED forward lookup doesn't match reverse lookup
        TEMP temporary lookup failure

So you can block those with no PTR, or those that don't match. Now I don't 
block this type of mail because some company servers don't have their own 
PTR, or more often they don't match. Their MX name may be mail.company.com 
but their PTR would be something like dsl-123.isp.com, and because they have 
dynamic addressing (actually I'm not sure why) the IPs (forward lookup) won't 
match. This forward lookup part is what I've been a little unclear on; 
usually when I check I get no IP at all. I'm going to look at that again and 
see if I can refresh my memory.

Another thing some servers do is to check the HELO name against the PTR; 
this also causes problems when the PTR record is their DSL name. A really 
effective way to block spam, but it also blocks a lot of valid mail.
Normally this isn't a problem because Sendmail gets your fully qualified 
domain name by getting your host name using gethostname and then calling 
gethostbyname on the result. So you shouldn't have to define 
confDOMAIN_NAME. (BTW, I've noticed lately that many spams have the correct 
name there, so maybe they finally figured that out.)

Will having two IPs cause the FORGED result mentioned above, which I think 
is what you are talking about? This shouldn't be a problem because 
according to the FAQ, "If the client IP address does not appear in that 
list, then the 'may be forged' tag is added." So it seems a list of IPs is 
returned and all are checked. If you end up having a problem you can 
correct that using DNS and BIND; I keep thinking I need to get that book - 
http://www.oreilly.com/catalog/dns4/
-- 
| Ric
|
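
The check Ric describes above (PTR lookup on the connecting address, then a forward lookup of the resulting name, compared against the connecting address), as an added example that is not part of the original post and not sendmail's own code. It models the four ${client_resolve} values (OK, FAIL, FORGED, TEMP) over a constructed in-memory DNS table, so the host names and addresses are assumptions rather than real zones and the whole thing runs offline; it also covers the multi-homed case from Will's question, where the forward lookup returns two addresses, and the stricter HELO-against-PTR comparison some servers do.

```python
import ipaddress


class TempFailure(Exception):
    """Models a SERVFAIL or timeout, i.e. a temporary lookup failure."""


# Constructed sample DNS data for this example (assumed, not real zones).
# Reverse map: address -> PTR target.  Forward map: hostname -> A records.
PTR_RECORDS = {
    "10.0.0.5": "host.mysite.com",       # multi-homed host from the question
    "10.0.0.6": "host.mysite.com",       # ... its second address
    "192.0.2.10": "mail.company.com",    # PTR exists, forward points elsewhere
    "198.51.100.7": "dsl-123.isp.com",   # generic ISP name, but consistent
    "203.0.113.9": "flaky.example",      # forward lookup SERVFAILs
}
A_RECORDS = {
    "host.mysite.com": ["10.0.0.5", "10.0.0.6"],
    "mail.company.com": ["192.0.2.99"],
    "dsl-123.isp.com": ["198.51.100.7"],
}
TEMPFAIL_PTR_IPS = {"203.0.113.200"}   # reverse lookup SERVFAILs
TEMPFAIL_NAMES = {"flaky.example"}     # forward lookup SERVFAILs


def lookup_ptr(ip):
    """Stub for the reverse (PTR) lookup.  Replace with a real resolver."""
    if ip in TEMPFAIL_PTR_IPS:
        raise TempFailure(ip)
    return PTR_RECORDS.get(ip)          # None means no PTR (NXDOMAIN)


def lookup_a(name):
    """Stub for the forward (A) lookup.  Replace with a real resolver."""
    if name in TEMPFAIL_NAMES:
        raise TempFailure(name)
    return A_RECORDS.get(name, [])


def client_resolve(client_ip):
    """Return (client_name, status) in the spirit of sendmail's
    ${client_name} and ${client_resolve}; status is OK, FAIL, FORGED or TEMP.
    """
    ip = str(ipaddress.ip_address(client_ip))   # normalise, reject garbage
    try:
        name = lookup_ptr(ip)
    except TempFailure:
        return (f"[{ip}]", "TEMP")
    if name is None:
        # No PTR at all: permanent failure.  The bracketed address literal
        # stands in for the name (assumption made for this example).
        return (f"[{ip}]", "FAIL")
    try:
        forward = lookup_a(name)
    except TempFailure:
        return (name, "TEMP")
    # Every address the forward lookup returns is compared, so a host with
    # two (or more) A records is OK as long as the connecting address is
    # one of them.  Only when it is in none of them is the name FORGED.
    if ip in forward:
        return (name, "OK")
    return (name, "FORGED")


def helo_matches_ptr(helo_name, client_ip):
    """The stricter check some servers do: HELO name must equal the PTR name,
    compared case-insensitively and ignoring a trailing dot."""
    name, status = client_resolve(client_ip)
    if status in ("FAIL", "TEMP"):
        return False
    return helo_name.rstrip(".").lower() == name.rstrip(".").lower()


def should_reject(status, reject_no_ptr=True, reject_forged=True):
    """Policy knobs from the post: block no-PTR and/or mismatched hosts.
    TEMP is never rejected outright; a real MTA would answer 4xx instead."""
    if status == "FAIL":
        return reject_no_ptr
    if status == "FORGED":
        return reject_forged
    return False


if __name__ == "__main__":
    for ip in ["10.0.0.5", "10.0.0.6", "192.0.2.10", "198.51.100.7",
               "203.0.113.9", "203.0.113.200", "192.0.2.200"]:
        name, status = client_resolve(ip)
        print(f"{ip:15} {name:22} {status:6} reject={should_reject(status)}")
```

Both 10.0.0.5 and 10.0.0.6 come back OK even though host.mysite.com has two A records, which is the answer to the question in the thread; 192.0.2.10 comes back FORGED because its PTR name resolves forward to a different address, which is the "MX name vs. DSL name" situation Ric says he does not block on. To use this for real, replace the two lookup stubs with resolver calls (dnspython's resolver.resolve works) and keep the TempFailure path: treating a SERVFAIL as FORGED or FAIL rejects legitimate mail whenever a remote nameserver hiccups.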

