Re: question on ptr rr

[<garrett.allen () comcast net>]

the package in question (and maybe others do as well) has the option to
perform the reverse you describe.  we tried the milder version first which
only verifies the ip sending the packets has a ptr - no domain xref.  our
upstream provider is our alternate mx (with a higher pref, of course).  any
mail they accept and forward to us would fail under the more restrictive
version of reverse (for example, say we were down for maint.).  at least
that is my understanding after speaking with the software vendors
development team.

thanks.
----- Original Message ----- 
From: "Andrew - Supernews" <andrew () supernews net>
To: <nanog () merit edu>
Sent: Sunday, February 08, 2004 4:01 PM
Subject: Re: question on ptr rr


> > > > > > "Paul" == Paul Vixie <vixie () vix com> writes:
>
>  Paul> that's one check of many.  the PTR has to match the HELO, which
>  Paul> means all of the worms and spammers who forge @yahoo.com
>  Paul> addresses and use YAHOO.COM as their HELO will continue to get
>  Paul> hammered.
>
> If you're going to get picky about HELO names, then it's better to
> require that the HELO has an A record pointing to the connecting IP,
> rather than look at PTR.
>
> -- 
> Andrew, Supernews
> http://www.supernews.com