RE: [Nolug] running a mail server with a Cox account

From: John Souvestre <johns_at_sstar.com>
Date: Tue, 12 Aug 2003 13:07:34 -0500
Message-ID: <018e01c360fc$9b22cc80$02b3cdd1@JohnS>

Hi Mark.

Yes, your example is correct.

I'd love to see a large ISP do the reverse test. It would indeed make
everyone get their reverse DNS set up. They have that much clout. I don't,
so if I were to do this it would just end up upsetting my users to no real
advantage.

John

    John Souvestre - Southern Star - (504) 888-3348 - www.sstar.com

-----Original Message-----
From: owner-nolug@joeykelly.net [mailto:owner-nolug@joeykelly.net] On Behalf
Of Mark A. Hershberger
Sent: Monday, August 11, 2003 10:43 PM
To: nolug@joeykelly.net
Subject: Re: [Nolug] running a mail server with a Cox account

"John Souvestre" <johns@sstar.com> writes:

>>>> Note that it probably would have been okay for smtp.example.com to
> identify itself as barney.example.com. One machine can have many names
> assigned to it. The problem comes when a machine is identifying itself as
> belonging to two separate domains, which really isn't common or proper in
> email headers.
>
> Here he admits that one machine can have many names. Does he think that
it
> is illegal to use them? What domain each of the names is in has nothing
at
> all to do with the issue - either two names "match" or they don't (as per
> his initial claim).

To solve this:

   Client sends "HELO mail.everybody.org"

   Server looks up "mail.everybody.org" and finds the IP 66.93.249.201

   Server sees that the sender is indeed 66.93.249.201 and does a
     reverse lookup. It finds "superman.everybody.org".

   Just to be doubly sure, it checks "superman.everybody.org" and
     finds 66.93.249.201.

The identity of the host has been verified. Most people don't bother
with that many lookups... but they could if they really wanted to.

This would work if I identified as any of a dozen domains that
resolve to the IP address.

> Indeed, some mail servers do this reverse test, but not many. There are
FAR
> too many faulty DNS setups out there where IP's don't reverse. So ISP's
> don't apply this test. That's the real world. The mail must flow! :-)

But, if a large ISP like AOL does these checks, it is quite likely
that the ISPs will make sure that their mail servers have a correct
and functional reverse DNS.

Mark.
___________________
Nolug mailing list
nolug@nolug.org

___________________
Nolug mailing list
nolug@nolug.org
Received on 08/12/03

This archive was generated by hypermail 2.2.0 : 12/19/08 EST