Reverse DNS and MTA auth
Chris McCluskey
chrism at xnewmedia.com
Fri May 19 05:53:06 UTC 2000
So what woudl happen if you are running a set of machines, or mail servers
for that matter, that serve multiple domains. Since based on what I have
seen you can only have one PTR record for each address. If the PTR record
is set to foobar.org and the MTA is acting for neat-o.com, then the
neat-o.com message would be dropped, correct?
On Thu, 18 May 2000, John Coutts wrote:
> As far as you providing services to the outside world, there is no problem. The
> problem occurs when you (or anyone on your network) wants to access services
> that require a domain or node name verification. These include some educational
> institutions, some download sites, and many email servers (including ours). To
> protect against spammers using ficticious return addresses to access the mail
> server directly, the server does a reverse lookup on the the sending IP to
> verify that the domain name corresponds to the domain name in the return
> address. If it doesn't, it returns the email. Since implementing this feature,
> spam of this type has dropped to zero at our location.
>
> J.A. Coutts
> Systems Engineer
> Edsonet/TravPro
> *************** SEPARATER **************
> In article <01BFC074.F2F44FA0.gwardell at Yeshua.cc>, gwardell at Yeshua.cc says...
> >
> >Hi,
> >
> >But in my case, and the reason I posed this question, I have a few services
> >running, one of them being a mail server running at mail.yeshua.cc.
> >
> >The ISP I am currently at has virtually nothing in the in-addr.arpa for the
> >class C block than my 16 ips are in.
> >
> >Another ISP that I talked to, thinking of moving, said that they don't
> >delegae and that they wouldnlt put my mserver name in either. That they
> >only use generic name like dsl.max63.isp.net. While my forward would be
> >mail.yeshua.cc which also apears on my MX. The second ISP almost guranteed
> >that I wouldn't have any trouble with their setup.
> >
> >So. if the reciveing MTA is checking for a matchiung name in the MX record
> >and the existance of a reversx PTR then I'm ok, right?
> >
> >BTW, I think your right that my current upstream ISP doesn't have a clue
> >about several things.
> >
> >Gary
> >
> >
>
>
>
>
More information about the bind-users
mailing list