[Mimedefang] OT: DNS sanity check

John Rudd john at rudd.cc
Wed Jul 4 13:41:25 EDT 2007


There is a "Best Practices" RFC, RFC 1912, which says in section 2.1
that you should have matching A and PTR records.  Further, it says that
if you don't, you should expect to have some service denials from other
sites.  That's probably what you're experiencing.  Someone is requiring
that you follow this best practice.


Let me guess: AOL is the refusing ISP?

They've had this as a standard policy for quite a while.


(that is part of what the basis of my Botnet SpamAssassin module came
from, and at one point I think I also posted code here that I was using
to do the same type of rejection in MIMEDefang)


alan premselaar wrote:

> I've been scouring through RFCs trying to find specific information about
> this to no avail.
> 

...

> 
> The problem I'm told by the ISP is that they're rejecting mail from my
> machines because:
> 
> a) machine #1 doesn't have a reverse DNS PTR record defined
> b) machine #2 has a PTR record defined, but it doesn't match the forward
> A record
> 
> I can *kind of* understand why they would reject a connection from a
> machine with no PTR record, although since outgoing-only mail servers
> are valid, they shouldn't necessarily require a PTR record, right?
> 
> What gets me is, is there actually any requirement that the A record and
> the PTR record for a host match? I'm under the impression that they are
> unreasonably rejecting mail but I just want to get a sanity check before
> I start screaming at them (it's been a long day).
> 
> So, any information, assistance, references to RFCs, etc. would be
> greatly appreciated.
> 
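
The check discussed in this thread (a connecting address with no PTR record, or a PTR name whose A record does not point back to that address), as an added example that is not part of the original post and is not MIMEDefang or Botnet plugin code. The function names and the sample zone data are assumptions constructed for illustration; the default lookups use Python's standard `socket` module.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver; [] if there is none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases

def system_addrs(name):
    """A/AAAA addresses for name from the system resolver; [] on failure."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]

def check_fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return ("no_ptr" | "mismatch" | "ok", names) for a connecting IP."""
    client = ipaddress.ip_address(ip)
    # DNS names are case-insensitive and may carry a trailing root dot.
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no_ptr", []
    for name in names:
        for addr in addr_lookup(name):
            try:
                if ipaddress.ip_address(addr) == client:
                    return "ok", [name]
            except ValueError:
                continue  # resolver returned something that is not an IP
    return "mismatch", names

# Constructed zone data (documentation address range, example.com names).
SAMPLE_PTR = {
    "192.0.2.10": [],                     # like machine #1: no PTR record
    "192.0.2.20": ["mail.example.com."],  # like machine #2: A points elsewhere
    "192.0.2.30": ["MX1.example.com."],   # matching PTR and A
}
SAMPLE_A = {"mail.example.com": ["192.0.2.99"], "mx1.example.com": ["192.0.2.30"]}

def sample_results():
    """Run the check over the constructed data without touching the network."""
    ptr = lambda ip: SAMPLE_PTR.get(ip, [])
    a = lambda name: SAMPLE_A.get(name, [])
    return {ip: check_fcrdns(ip, ptr, a) for ip in SAMPLE_PTR}
```

Calling `check_fcrdns("<your outbound IP>")` with the default lookups runs the same check against live DNS, which shows what a receiving site applying this policy would see.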



