Reverse DNS and MTA auth

Chris McCluskey chrism at xnewmedia.com
Fri May 19 05:53:06 UTC 2000 

So what woudl happen if you are running a set of machines, or mail servers
for that matter, that serve multiple domains. Since based on what I have
seen you can only have one PTR record for each address. If the PTR record
is set to foobar.org and the MTA is acting for neat-o.com, then the
neat-o.com message would be dropped, correct?


On Thu, 18 May 2000, John Coutts wrote:

> As far as you providing services to the outside world, there is no problem. The 
> problem occurs when you (or anyone on your network) wants to access services 
> that require a domain or node name verification. These include some educational 
> institutions, some download sites, and many email servers (including ours). To 
> protect against spammers using ficticious return addresses to access the mail 
> server directly, the server does a reverse lookup on the the sending IP to 
> verify that the domain name corresponds to the domain name in the return 
> address. If it doesn't, it returns the email. Since implementing this feature, 
> spam of this type has dropped to zero at our location.
> 
> J.A. Coutts
> Systems Engineer
> Edsonet/TravPro
> *************** SEPARATER **************
> In article <01BFC074.F2F44FA0.gwardell at Yeshua.cc>, gwardell at Yeshua.cc says...
> >
> >Hi,
> >
> >But in my case, and the reason I posed this question, I have a few services 
> >running, one of them being a mail server running at mail.yeshua.cc.
> >
> >The ISP I am currently at has virtually nothing in the in-addr.arpa for the 
> >class C block than my 16 ips are in.
> >
> >Another ISP that I talked to, thinking of moving, said that they don't 
> >delegae and that they wouldnlt put my mserver name in either.  That they 
> >only use generic name like dsl.max63.isp.net.  While my forward would be 
> >mail.yeshua.cc which also apears on my MX.  The second ISP almost guranteed 
> >that I wouldn't have any trouble with their setup.
> >
> >So. if the reciveing MTA is checking for a matchiung name in the MX record 
> >and the existance of a reversx PTR then I'm ok, right?
> >
> >BTW, I think your right that my current upstream ISP doesn't have a clue 
> >about several things.
> >
> >Gary
> >
> >
> 
> 
> 
>

More information about the bind-users mailing list