[GRLUG] SMTP reverse DNS validation

Dave Chiodo megadave at gmail.com
Thu Apr 23 12:28:09 EDT 2015


It's less about what the MX record is than it is about whatever server
the SMTP connection is originating from. (Some email services use one
set of servers as MX for receiving INbound mail, and a completely
different set of servers for sending OUTbound mail.)

The verification starts with getting the PTR for the IP address.

Then, looking up A records for whatever name(s) are returned from the
PTR record.

In this case, NEITHER of the names given for the PTR record have an A record.

The one missing the ".com" is of course invalid, and there is NO A
record for the other:

$ dig 67-221-227-25.xiolink.com

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10651

On Thu, Apr 23, 2015 at 12:14 PM, L. V. Lammert <lvl at omnitec.net> wrote:
> On Thu, 23 Apr 2015, Mark Farver wrote:
>
>> Not sure what you are saying...did you get more than one result to a PTR
>> lookup?  Can you paste dig output displaying the condition?
>>
> MX
> crownpack.com.          2841    IN      MX      10 cpbsvf01.crownpack.com.
>
> ;; ADDITIONAL SECTION:
> cpbsvf01.crownpack.com. 2841    IN      A       67.221.227.25
>
> ;; ANSWER SECTION:
> 25.227.221.67.in-addr.arpa. 3600 IN  PTR     cpbsvf01.crownpack.
> 25.227.221.67.in-addr.arpa. 3600 IN  PTR     67-221-227-25.xiolink.com.
>
>> Requiring anything beyond the existence of a PTR record on an incoming
>> message is problematic.  You can certainly give positive score to a machine
>> with valid and identical forward and reverse records but many legitimate
>> senders will not have that.
>>
> They may be a legitimate sender, .. but an invalid reverse DNS PTR does
> indicate they may *not* be legitimate and our email servers are configured
> to reject.
>
> The problem is that MXToolbox only checks for the existence of a PTR record
> and does not match the hostname. I have since found a way to accurately
> show the discrepancy: http://www.debouncer.com/reverse-dns-check
>
>         TFTR!
>
>         Lee
> _______________________________________________
> grlug mailing list
> grlug at grlug.org
> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug
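
The check described in this message (PTR lookup for the connecting IP, then address lookups for each name the PTR returns), as an added Python example that is not part of the original thread. The function names, verdict strings and sample record tables are assumptions; the sample data is constructed from the dig output quoted above.

```python
import ipaddress
import socket

def live_ptr(ip):
    """PTR names via the system resolver (may return only one of several)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def live_addrs(name):
    """A/AAAA addresses for name via the system resolver."""
    try:
        return {i[4][0].split("%")[0] for i in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns(ip, ptr_lookup=live_ptr, addr_lookup=live_addrs):
    """Forward-confirm reverse DNS: return (verdict, per-name detail)."""
    want = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "no-ptr", {}
    detail = {}
    for name in names:
        addrs = {ipaddress.ip_address(a) for a in addr_lookup(name)}
        if not addrs:
            detail[name] = "no address record"
        elif want in addrs:
            detail[name] = "confirmed"
        else:
            detail[name] = "resolves elsewhere"
    # One confirmed name is enough; a PTR that merely exists is not.
    verdict = "pass" if "confirmed" in detail.values() else "fail"
    return verdict, detail

# Constructed offline data modelled on the dig output quoted in this thread.
SAMPLE_PTR = {"67.221.227.25": ["cpbsvf01.crownpack.", "67-221-227-25.xiolink.com."]}
SAMPLE_A = {}  # assumption from the message: neither PTR name has an A record

def sample_check():
    return fcrdns("67.221.227.25",
                  lambda ip: SAMPLE_PTR.get(ip, []),
                  lambda name: set(SAMPLE_A.get(name, [])))

if __name__ == "__main__":
    print(sample_check())
```

Calling `fcrdns(ip)` with no lookup arguments uses the system resolver instead of the constructed tables.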

