RDNS_NONE hits when it shouldn't
dave at jonesol.com
Wed Oct 21 17:48:48 UTC 2015
Correct. Some mail admins know to get the PTR record setup but they
don't know about the forward lookup part of FCrDNS ("caller ID" for
sending mail servers). This makes it important to setup a dedicated A
record and IP/1-to1 NAT for your sending/outbound mail server so you
can get all 3 pieces of information (SMTP HELO -> A record -> PTR
record back to the HELO) to line up. It's possible to get them to
line up without a dedicated IP or 1-to-1 NAT but I have seen many
outbound servers use "mail.example.com" as their HELO on IP
18.104.22.168 but they are using that same hostname/URL for webmail or
something on IP 22.214.171.124 so only 2 of the 3 parts line up.
On Wed, Oct 21, 2015 at 11:12 AM, Mark Sapiro <mark at msapiro.net> wrote:
> On 10/21/2015 01:05 AM, gojensen wrote:
>> We sometimes have issues with mail being flagged because of the
>> RDNS_NONE (Delivered to internal network by a host with no rDNS).
>> In essence this means that the senders IP address has no correct DNS
>> setup. However, when we try do nslookup on the mailscanner machine with
>> those IP addresses they resolve just fine.
> That is not the issue.
> A properly configured mail server will identify itself in HELO or EHLO
> as say example.com.
> dig A example.com
> (or nslookup) will return 111.222.333.444 as the IP address of
> example.com and this should be the IP address of the connecting server.
> Then rDNS
> dig -x 111.222.333.444
> should return a PTR record back to example.com. RDNS_NONE says that
> there is no PTR record in DNS for 444.333.222.111.in-addr.arpa.
> See <https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS>
> Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
> San Francisco Bay Area, California better use your sense - B. Dylan
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
More information about the MailScanner