AOL blocking MailScanner messages!

Steve Thomas lists at STHOMAS.NET
Fri Dec 5 01:01:25 GMT 2003


On Thu, Dec 04, 2003 at 06:37:34PM -0600, Mike Kercher is rumored to have said:
>
> If not, admins on the other end need to get off their ass and make their
> networking correct, complete and in compliance with the RFCs.

I've only been skimming this thread, so this may have been stated already. If so, I apologize...

You're forgetting that reverse DNS is a totally different animal than forward, and that just about anyone with less than a /24 (and many with a /24 or larger) doesn't have the reverse zones delegated to their servers. If I own foo.com, I can easily create any forward entry in the foo.com domain, but making something in the in-addr.arpa domain point to mailserver.foo.com is not nearly as easy.

As a for instance, the machine I'm sending this message from is on a RoadRunner network. We've got a block of addresses allocated to us and despite repeated assurances that they would delegate the in-addr.arpa zone for our netblock to our DNS server, it's never happened. Now if RR managed to have a corrupt zone file, forgot to generate PTR records for our netblock or for some other reason wasn't on the ball, I'd be "an admin who was sitting on my ass not making my network correct"? I think not. My DNS server is properly configured to serve requests for the /28 we've been allocated but RR is still in control of the zone.

Then there are network outages, software failures, fiber cuts, DDoS attacks, etc., etc. to consider. You'll reject mail just because the DNS server serving the in-addr.arpa zone for the connecting machine is unreachable?

I can see adding a warning header or something innocuous like that, but outright rejecting mail from machines without RDNS properly configured is overkill, IMHO.


Steve


--
"Blessed is the man, who having nothing to say, abstains from giving wordy evidence of the fact."
- George Eliot (1819-1880)
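
An added example, not part of the original post: a sketch of the header-instead-of-reject approach suggested above, keeping "no PTR published" separate from "the in-addr.arpa lookup failed". The resolver callbacks, the `TempFail` exception, the `X-RDNS-Check` header name and all sample records are assumptions constructed for illustration.

```python
import ipaddress

class TempFail(Exception):
    """Timeout or SERVFAIL from the resolver (hypothetical name)."""

def check_rdns(ip, lookup_ptr, lookup_addrs):
    """Classify the connecting IP as pass / none / mismatch / temperror.

    lookup_ptr(name) and lookup_addrs(host) are caller-supplied resolver
    functions returning lists; they raise TempFail when no answer arrives.
    """
    addr = ipaddress.ip_address(ip)
    try:
        names = lookup_ptr(addr.reverse_pointer)  # e.g. 10.2.0.192.in-addr.arpa
        if not names:
            return "none"        # authoritative answer: no PTR published
        for name in names:
            if any(ipaddress.ip_address(a) == addr for a in lookup_addrs(name)):
                return "pass"    # forward lookup confirms the PTR
        return "mismatch"        # PTR exists but does not map back
    except TempFail:
        return "temperror"       # zone unreachable: says nothing about the sender

def warning_header(ip, result):
    """Header to add instead of rejecting; X-RDNS-Check is a made-up name."""
    return f"X-RDNS-Check: {result} (client-ip={ip})"

# Constructed sample data (documentation address space, RFC 5737).
PTR = {"10.2.0.192.in-addr.arpa": ["mail.example.com"],
       "11.2.0.192.in-addr.arpa": ["host.example.net"]}
A = {"mail.example.com": ["192.0.2.10"], "host.example.net": ["198.51.100.7"]}
UNREACHABLE = {"13.2.0.192.in-addr.arpa"}  # simulates an upstream outage

def sample_ptr(name):
    if name in UNREACHABLE:
        raise TempFail(name)
    return PTR.get(name, [])

def sample_addrs(host):
    return A.get(host, [])

def classify_samples():
    ips = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]
    return {ip: check_rdns(ip, sample_ptr, sample_addrs) for ip in ips}

if __name__ == "__main__":
    for ip, result in classify_samples().items():
        print(warning_header(ip, result))
```

A downstream filter can then score on the header value, and a `temperror` result never counts against the sending host.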


