From: Ole Hansen on 7 Mar 2010 20:34

On 05-Mar-10 04:29, Simon wrote:
> On Mar 5, 3:46 pm, "D. Stussy" <spam+newsgro...(a)bde-arc.ampr.org>
> wrote:
>> "Simon" <simon1...(a)gmail.com> wrote in message
>>
>> news:b4793bee-359a-4ee6-a476-15b751d3924e(a)c37g2000prb.googlegroups.com...
>>
>>> I have some questions on rDNS.
>>
>>> Q1.
>>> Which domain will Sendmail use to check against the receiving IP
>>> address for reverse DNS lookup? The domain in sender's address or the
>>> envelope from address?
>>
>> Neither. It takes the IP address and fetches the PTR record(s). Then, it
>> takes each label and fetches the address records (A or AAAA). If it finds
>> a match to the IP address it started with, that's a pass.
>>
>>> Q2.
>>> If there is a reply-to header within the message, which domain will it
>>> use for reverse DNS lookup? Still the sender's domain or the reply-to
>>> header's domain?
>>
>> Doesn't make a difference.
>>
>>> Q3.
>>> What will Sendmail do if it fails to match the reverse DNS? Will it
>>> drop the message silently or send a bounce-back message to the sender
>>> to notify them that the message was rejected?
>>
>> Whatever you told it to do. It may drop or reject. Only idiots run the
>> check after message acceptance.
>>
>>> And if a bounce-back message is sent, which address will it be
>>> sent to? The sender's address, the envelope from address, or the
>>> reply-to address?
>
> Stussy,
>
> Many thanks for your reply. Regarding Q1,
>
> - Does it mean Sendmail uses the "relay" IP address to fetch the PTR
> record?

I guess it's called the "client IP address". It is the address from where the connection is made.

> - If the sender's mail server does not set up the PTR record, will the
> check fail even if it is a legitimate email (not spam)?

Yes. How would the test for PTR be able to tell spam from ham anyway?

The idea is that almost all mail that comes from hosts without a PTR record in DNS (=without rDNS) is spam, usually from bots on home machines on dynamically assigned IPs.

If you have mail coming from hosts without rDNS that is legitimate, you can whitelist them in the access database. (With a line like: Connect:12.100.200.10 OK)

Those senders should fix their rDNS in any case - in this day and age, anyone who sends mail from machines without rDNS can expect serious deliverability problems. If a lot of people send you legitimate mail from hosts without rDNS, or you worry that that may happen, you will have to live without an rDNS test.

> - What do you mean by "each label"?

I guess he meant the PTR record, the result of the rDNS lookup.

> - Do you mean Sendmail will look for all domains to get the address
> record (A) and compare with the "relay" IP ?
>

I guess the answer is yes. Two lookups are done:

Client IP address -> PTR record ("host name", "label") -> A (or AAAA) address.

This is also called forward-confirmed reverse DNS:
http://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS

If the client address is equal to the A/AAAA address in the second lookup, the client is considered to have a "good" host name. In that case, and only then, the sendmail macro {client_name} is set to the result of the PTR lookup. Otherwise the client name is marked "may be forged".

I am not sure what you mean by "all domains". If there are multiple results for either lookup (i.e. multiple PTR records for the address, or multiple A records for the name), I think sendmail uses only the first response it gets, and that may then vary with every lookup (depending on the DNS resolver). In such a case, the behavior may become unpredictable. The client sometimes has a "good" name, sometimes not. It means that the sending site has misconfigured their mailserver's DNS and had better fix it.

Again, whitelisting the site's IP address (not their name) is a workaround you can use at the receiving end.

Ole
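The two-lookup check described in the post above, as an added example that is not part of the original thread and is not sendmail's own code. The DNS tables, verdict strings and the function names `fcrdns` and `order_sensitive` are constructed for illustration; only the whitelist address comes from the post's sample `Connect:` line.

```python
import ipaddress

# Constructed DNS data (documentation address ranges); stands in for a live resolver.
PTR = {
    "192.0.2.10": ["mail.example.org"],
    "192.0.2.20": ["mx.example.net"],                  # forward record points elsewhere
    "192.0.2.30": ["a.example.com", "b.example.com"],  # two PTRs, only one confirms
}
ADDR = {
    "mail.example.org": ["192.0.2.10"],
    "mx.example.net": ["198.51.100.7"],
    "a.example.com": ["203.0.113.5"],
    "b.example.com": ["192.0.2.30"],
}
# Mirrors the access-database line "Connect:12.100.200.10 OK" from the post.
WHITELIST = {ipaddress.ip_address("12.100.200.10")}


def fcrdns(client_ip, ptr=PTR, addr=ADDR, first_only=False):
    """Return (verdict, client_name) for the connecting IP address.

    first_only=True models a checker that looks only at the first PTR answer,
    which makes the verdict depend on the order the resolver returns records.
    """
    ip = ipaddress.ip_address(client_ip)
    if ip in WHITELIST:
        return ("whitelisted", None)       # rDNS test bypassed
    names = ptr.get(str(ip), [])
    if not names:
        return ("no-rdns", None)           # no PTR record at all
    if first_only:
        names = names[:1]
    for name in names:
        for a in addr.get(name, []):
            if ipaddress.ip_address(a) == ip:   # forward lookup confirms the PTR
                return ("ok", name)
    return ("may-be-forged", None)         # PTR exists but does not map back


def order_sensitive(client_ip, ptr=PTR, addr=ADDR):
    """True if a first-answer-only check flips with the PTR answer order."""
    names = ptr.get(client_ip, [])
    verdicts = {fcrdns(client_ip, {client_ip: [n]}, addr)[0] for n in names}
    return len(verdicts) > 1


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40", "12.100.200.10"):
        print(ip, fcrdns(ip), fcrdns(ip, first_only=True))
```

Running `order_sensitive` over the PTR sets of your regular senders flags the sites whose verdict would change with resolver answer order, which is the "sometimes good, sometimes not" case the post describes.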
From: Ole Hansen on 7 Mar 2010 21:37

On 07-Mar-10 20:34, Ole Hansen wrote:
> If you have mail coming from
> hosts without rDNS that is legitimate, you can whitelist them in the
> access database.

Sorry for the poor English. I meant:

If you have legitimate mail coming from hosts without rDNS, you can whitelist them in the access database. (Whitelisting will bypass sendmail's rDNS test.)

Ole
From: Michael on 17 Mar 2010 21:06

"Simon" <simon1212(a)gmail.com> wrote in message
news:b4793bee-359a-4ee6-a476-15b751d3924e(a)c37g2000prb.googlegroups.com...
> I have some questions on rDNS.
>
> Q1.
> Which domain will Sendmail use to check against the receiving IP
> address for reverse DNS lookup? The domain in sender's address or the
> envelope from address?
>

rDNS checks for a PTR record for the connecting IP address, it does not check ANY domain addresses, that is a forward lookup function.

> Q2.
> If there is a reply-to header within the message, which domain will it
> use for reverse DNS lookup? Still the sender's domain or the reply-to
> header's domain?
>

Not a reverse lookup function. Reply-to and From headers should be checked against the domain MX host with a truncated helo, mail from <>, rcpt to (address), quit if possible. You could use VRFY, but that is not as desirable.

> Q3.
> What will Sendmail do if it fails to match the reverse DNS? Will it
> drop the message silently or send a bounce-back message to the sender
> to notify them that the message was rejected?
>

That's up to you and how you set the options for the function.

> And if a bounce-back message is sent, which address will it be
> sent to? The sender's address, the envelope from address, or the
> reply-to address?

It is not a bounce if you refuse the transaction. A bounce is when you receive and spool the message and later process it and send a "bounce" or NDR when the content or recipient is not wanted. This is 99.99999% of the time in violation of RFC2476 since the recipient was not verified beforehand and is almost certainly bogus.

>
>
> Many thanks.
> Simon
>