Security Basics mailing list archives
Re: educating rDNS violators
From: token <chip.gwyn () gmail com>
Date: Thu, 26 Aug 2004 03:29:57 -0400
On Wed, 25 Aug 2004 14:20:25 -0400, Derek Schaible <dschaible () cssiinc com> wrote:
> On Wed, 2004-08-25 at 13:55, someone wrote:
> > This becomes even further complicated if a company is hosting with somebody who provides "virtual domain" mail hosting. The server could be mail.somefamily.net, but have a reverse DNS entry that points to mail.myprovider.net. How is that invalid? Just because the records don't match doesn't make me a spammer!
> >
> > Mail servers should have correct DNS info. Forward and reverse. It is the sysadmin's responsibility to ensure that their systems are configured properly. Period.
>
> I wanted to respond to this point to the list before I get flooded with similar replies. True, such a situation does not make you a spammer but using a virtual domain will in no way impact the reverse DNS of the smtp server from which the email is delivered. Reverse DNS is not matching the address of the smtp server to the domain name in the email address. This would break many things like reply-to, etc. All it is doing is verifying that the server is who it claims to be. Virtual mail domains are not impacted.
>
> I run many virtual email domains as well for every website we host. These accounts can happily send mail through our company's SMTP server, arrive intact and survive an rDNS lookup.
>
> --
> Derek Schaible <dschaible () cssiinc com>
> CSSI, Inc.

Quick little note on what is actually happening in the above scenario. The e-mail server makes an SMTP connection to send the mail. The receiving server does a lookup for reverse DNS on the IP address. It gets mail.mydomain.com, next the receiving SMTP looks for IP address for mail.mydomain.com and then makes sure the IPs match. If so, it delivers, if not, it rejects. This works with cluster type mail servers as well.

--chip