Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Qmail: users

reverse dns issues

  

 
Qmail users RSS feed   Index | Next | Previous | View Threaded


payal-qmail at scriptkitchen

Mar 6, 2008, 4:11 AM

Post #1 of 7 (3091 views)
Permalink
reverse dns issues
Hello,
To cut out spam, I am blocking mails from servers with no reverse DNS.
This was done by giving -vDRp option to tcpserver and populating
tcp.smtp like below.
=:allow
:allow,RBLSMTPD="-Bad RDNS"

This seemed to work fine for a few months but one day while doing
routine checks, I found lines like below and out of curiosity did a rdns
check immediately, but found that they had proper rdns configured.

rblsmtpd: 122.164.54.244 pid 89340: 553 Bad RDNS
rblsmtpd: 196.205.163.201 pid 89339: 553 Bad RDNS


What seems to be wrong?

Regards,
Payal


safari-qmail at safari

Mar 6, 2008, 4:31 AM

Post #2 of 7 (2945 views)
Permalink
Re: reverse dns issues [In reply to]
On Thu, Mar 06, 2008 at 04:11:28 -0800, Payal Rathod wrote:
> Hello,
> To cut out spam, I am blocking mails from servers with no reverse DNS.
> This was done by giving -vDRp option to tcpserver and populating
> tcp.smtp like below.
> =:allow
> :allow,RBLSMTPD="-Bad RDNS"
>
> This seemed to work fine for a few months but one day while doing
> routine checks, I found lines like below and out of curiosity did a rdns
> check immediately, but found that they had proper rdns configured.

No, they didn't.
Read tcpserver docs again.

> rblsmtpd: 122.164.54.244 pid 89340: 553 Bad RDNS
> rblsmtpd: 196.205.163.201 pid 89339: 553 Bad RDNS
>
>
> What seems to be wrong?

Their DNS.

> Regards,
> Payal

--


traef at ebasedsecurity

Mar 6, 2008, 5:01 AM

Post #3 of 7 (2938 views)
Permalink
RE: reverse dns issues [In reply to]
> Subject: reverse dns issues
>
> Hello,
> To cut out spam, I am blocking mails from servers with no reverse DNS.
> This was done by giving -vDRp option to tcpserver and populating
> tcp.smtp like below.
> =:allow
> :allow,RBLSMTPD="-Bad RDNS"
>
> This seemed to work fine for a few months but one day while doing
> routine checks, I found lines like below and out of curiosity did a
> rdns
> check immediately, but found that they had proper rdns configured.
>
> rblsmtpd: 122.164.54.244 pid 89340: 553 Bad RDNS
> rblsmtpd: 196.205.163.201 pid 89339: 553 Bad RDNS
>
>
> What seems to be wrong?
>
> Regards,
> Payal
>
[Tom Replied With:]

I used that setup as well and found it had a high block rate - too high. It blocks many legitimate emails because not everyone has their reverse DNS setup properly.

What are you using to check the reverse DNS?

Thomas J. Raef
e-Based Security, LLC
http://www.ebasedsecurity.com
traef [at] ebasedsecurity
1-866-251-5803

No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.21.4/1310 - Release Date: 3/4/2008 8:35 AM


kyle-qmail at memoryhole

Mar 6, 2008, 7:24 AM

Post #4 of 7 (2946 views)
Permalink
Re: reverse dns issues [In reply to]
On Thursday, March 6 at 04:11 AM, quoth Payal Rathod:
>To cut out spam, I am blocking mails from servers with no reverse
>DNS. This was done by giving -vDRp option to tcpserver and populating
>tcp.smtp like below.
>=:allow
>:allow,RBLSMTPD="-Bad RDNS"
>
>This seemed to work fine for a few months but one day while doing
>routine checks, I found lines like below and out of curiosity did a rdns
>check immediately, but found that they had proper rdns configured.
>
>rblsmtpd: 122.164.54.244 pid 89340: 553 Bad RDNS
>rblsmtpd: 196.205.163.201 pid 89339: 553 Bad RDNS
>
>What seems to be wrong?

Well, let's see. When tcpserver does it's reverse-dns lookup (to fill
$TCPREMOTEHOST), it will get:

$ dnsname 122.164.54.244
abts-tn-dynamic-244.54.164.122.airtelbroadband.in

And then when tcpserver does the -p ("paranoid") lookup:

$ dnsip abts-tn-dynamic-244.54.164.122.airtelbroadband.in

$

That's not good; let's try a different tool:

$ host abts-tn-dynamic-244.54.164.122.airtelbroadband.in
Host abts-tn-dynamic-244.54.164.122.airtelbroadband.in not found:
3(NXDOMAIN)

That name fails to resolve. Thus, the $TCPREMOTEHOST variable will be
removed, because you told tcpserver to be paranoid.

It looks like tcpserver is doing precisely what you told it to. What
seems to be the problem?

~Kyle
--
To invent, you need a good imagination and a pile of junk.
-- Thomas Jefferson


payal-qmail at scriptkitchen

Mar 6, 2008, 7:43 AM

Post #5 of 7 (2942 views)
Permalink
Re: reverse dns issues [In reply to]
On Thu, Mar 06, 2008 at 09:24:14AM -0600, Kyle Wheeler wrote:
> $ dnsname 122.164.54.244
> abts-tn-dynamic-244.54.164.122.airtelbroadband.in

I did that. Also checked http://postmaster.aol.com/tools/rdns.html which
says that the IP has Reverse DNS.

> And then when tcpserver does the -p ("paranoid") lookup:
>
> $ dnsip abts-tn-dynamic-244.54.164.122.airtelbroadband.in

You mean I don't require the -p switch?

Regards,
Payal


kyle-qmail at memoryhole

Mar 6, 2008, 7:59 AM

Post #6 of 7 (2943 views)
Permalink
Re: reverse dns issues [In reply to]
On Thursday, March 6 at 07:43 AM, quoth Payal Rathod:
>On Thu, Mar 06, 2008 at 09:24:14AM -0600, Kyle Wheeler wrote:
>> $ dnsname 122.164.54.244
>> abts-tn-dynamic-244.54.164.122.airtelbroadband.in
>
>I did that. Also checked http://postmaster.aol.com/tools/rdns.html which
>says that the IP has Reverse DNS.
>
>> And then when tcpserver does the -p ("paranoid") lookup:
>>
>> $ dnsip abts-tn-dynamic-244.54.164.122.airtelbroadband.in
>
>You mean I don't require the -p switch?

It depends on what you're trying to get it to do. If you want to
ensure that the reverse name is valid, then you do require the -p
switch. If you don't care whether the reverse name is valid or not,
then you don't need the -p switch.

~Kyle
--
The sacred rights of mankind are not to be rummaged for, among old
parchments, or musty records. They are written, as with a sun beam in
the whole volume of human nature, by the hand of the divinity itself;
and can never be erased or obscured by mortal power.
-- Alexander Hamilton, 1775


safari-qmail at safari

Mar 6, 2008, 8:23 AM

Post #7 of 7 (2935 views)
Permalink
Re: reverse dns issues [In reply to]
On Thu, Mar 06, 2008 at 07:43:22 -0800, Payal Rathod wrote:
> On Thu, Mar 06, 2008 at 09:24:14AM -0600, Kyle Wheeler wrote:
...
> > And then when tcpserver does the -p ("paranoid") lookup:
> >
> > $ dnsip abts-tn-dynamic-244.54.164.122.airtelbroadband.in
>
> You mean I don't require the -p switch?

-p can be used as an idiot filter, to reduce amount of spam
from hosts like
64.215.121.20=cm-64-215-121-20.cpe-dynamic.cableonda.net.121.215.64.in-addr.arpa
222.253.215.83=localhost
200.7.21.74=notekinne.discoverer.local
209.0.49.20=alameda.net.has.not.owned.this.ip.for.more.then.four.years

abts-tn-dynamic-244.54.164.122.airtelbroadband.in does not have
correctly configured DNS, because either 1) airtelbroadband.in admins
do not know what they are doing, or 2) they did not add A record
for abts-tn-dynamic-244.54.164.122.airtelbroadband.in on purpose,
so that crap from their customers is easier to reject.

--

Qmail users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.