reverse dns configuration for IPV4, IPV6+ dns+ mail ?

Reindl Harald h.reindl at thelounge.net
Mon Jun 19 13:14:09 UTC 2017



On 19.06.2017 at 15:00, Matus UHLAR - fantomas wrote:
>>> On 19.06.17 01:05, Reindl Harald wrote:
>>>> it's nearly always misleading and results in randomness on the 
>>>> receiving server which name gets logged and if A/PTR matches
>>>>
>>>> normally you should always have:
>>>>
>>>> * IP with *one* PTR
>>>> * the A-Record for the PTR matches
> 
> these two are correct.
> 
>>>> * smtp_helo_name of your MTA matches the same name
> 
> this one is incorrect and my next comment applies only to this one:

does it harm? NO
is it easy to achieve? YES
can it be used for scoring on a spamfilter? YES

>> anyways, with 2 PTR records for the same IP on servers with 
>> http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname 
>> you play lottery because one time it's logged as unknown and the other 
>> time as matching, the unknown cases would trigger 
>> reject_unknown_client_hostname
> 
> Actually, this would only happen when one of the A/AAAA records didn't 
> exist.
> Having two PTR records with valid A/AAAA would only confuse people because
> they could see different one each time client connects, but doesn't break
> anything (only dns-based acl's)

this is NOT true for all cases

FRANKLY i have seen enough *real world* postfix rejects caused by 
"check_reverse_client_hostname_access" because the idiot on the other 
side had "mail.example.com" AND the old 
"my-provider-xx.xx.xx.xx-dyn.crap" PTR where one time 
"check_reverse_client_hostname_access" was fine because it dealt with 
the "mail.example.com" and the next mail was rejected by match 
"my-provider-xx.xx.xx.xx-dyn.crap"

in all of these cases just removing the old useless generic PTR would have 
solved the problem from the start

so please inform yourself and do tests.....
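
The checks discussed in this message (one PTR per IP, an A record that confirms it, a matching HELO name) can be audited offline. The following is an added example, not part of the original post and not Postfix code: it is a simplified model of a receiver's decision, and the DNS data, the `GENERIC` pattern and the function names are constructed assumptions.

```python
import re

# Constructed sample DNS data (documentation address space and example names).
PTR = {"192.0.2.25": ["mail.example.com", "host-192-0-2-25-dyn.provider.example"]}
A = {"mail.example.com": {"192.0.2.25"}}  # the generic name has no A record

# Hypothetical receiver-side pattern for generic/dynamic reverse names.
GENERIC = re.compile(r"\d+-\d+-\d+-\d+|(^|[.-])dyn([.-]|$)")


def verdict_for(ip, name, a_records):
    """Simplified receiver decision if `name` is the PTR answer that gets used."""
    if GENERIC.search(name):
        return "reject: reverse name matches access pattern"
    if ip not in a_records.get(name, set()):
        return "reject: unknown client hostname (A does not confirm PTR)"
    return "accept"


def audit(ip, helo, ptr_records, a_records):
    """Return (per-PTR verdicts, findings) for one sending IP."""
    names = ptr_records.get(ip, [])
    verdicts = {n: verdict_for(ip, n, a_records) for n in names}
    findings = []
    if len(names) != 1:
        findings.append(f"{len(names)} PTR records, expected exactly one")
    if len(set(verdicts.values())) > 1:
        findings.append("outcome depends on which PTR the receiver sees")
    if helo not in names:
        findings.append("HELO name does not match a PTR name")
    return verdicts, findings


if __name__ == "__main__":
    cleaned = {"192.0.2.25": ["mail.example.com"]}  # generic PTR removed
    for title, ptr in (("before", PTR), ("after", cleaned)):
        print(title, audit("192.0.2.25", "mail.example.com", ptr, A))
```
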


More information about the bind-users mailing list