On Wed, Feb 10, 2021 at 01:20:23PM -0700, Bob Proulx wrote:
> Eugene Podshivalov wrote:
> > I've just received a spam email from a client who presented itself as
> > emx.mail.ru but its ip 117.30.137.22 resolves to
> > 22.137.30.117.broad.xm.fj.dynamic.163data.com.cn
> > 
> >  Are reverse client hostname and the ehlo one not supposed to match?
> 
> And now some very large service providers will not provide Reverse-DNS
> mapping for server's IP addresses.  This means that valid servers will
> not be able to have a valid reverse mapping.  This means that if one
> hard blocks on this full circle validity check then they will drop
> valid email and people will not be happy.

The actual expectation is that the EHLO name is a valid DNS hostname,
and should resolve to the IP address of the client.  This is not always
the same as the IP address resolving back to that name.

Thus for a client connecting from 192.0.2.1 with an EHLO name of
"ehlo.example" we might find a set of DNS records of the form:

    ehlo.example.   IN A 192.0.2.1
    1.2.0.192.in-addr.arpa. IN PTR some.name.example.
    some.name.example. IN A 192.0.2.1

Where the EHLO name is consistent with the connecting IP address when
mapped forward from the name to the address.  Also the IP address has a
PTR record, which in turn maps back that name, which may be different
from the EHLO name.

Best practice is for both names to be the same, but this is not
required.  And sometimes either or both of the forward mappings may be
missing or may map to a different address.

-- 
    Viktor.
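
The three separate checks this message distinguishes, as an added example that is not part of the original post: EHLO name forward to the client address, PTR name confirmed by its own forward lookup, and whether the two names coincide. The zone tables are constructed in memory from the records quoted above, plus one constructed mismatch case; all function names are hypothetical.

```python
import ipaddress

# Constructed zone data: the three records from the message above, plus a
# constructed client (198.51.100.7) whose EHLO name and PTR both fail.
A = {
    "ehlo.example.": {"192.0.2.1"},
    "some.name.example.": {"192.0.2.1"},
    "mail.other.example.": {"203.0.113.9"},
}
PTR = {
    "1.2.0.192.in-addr.arpa.": {"some.name.example."},
    "7.100.51.198.in-addr.arpa.": {"dyn-7.pool.example."},
}

def fqdn(name):
    """Normalise a hostname to lower case with a trailing dot."""
    return name.lower().rstrip(".") + "."

def ehlo_forward_ok(ehlo, client_ip):
    """True if the EHLO name has an A record equal to the client address."""
    return client_ip in A.get(fqdn(ehlo), set())

def fcrdns_names(client_ip):
    """PTR names for client_ip that themselves map forward to client_ip."""
    rev = ipaddress.ip_address(client_ip).reverse_pointer + "."
    return sorted(n for n in PTR.get(rev, set())
                  if client_ip in A.get(n, set()))

def check(ehlo, client_ip):
    """Report the three results independently; none implies another."""
    confirmed = fcrdns_names(client_ip)
    return {
        "ehlo_forward": ehlo_forward_ok(ehlo, client_ip),
        "ptr_confirmed": bool(confirmed),
        "names_match": fqdn(ehlo) in confirmed,
    }

if __name__ == "__main__":
    for ehlo, ip in [("ehlo.example", "192.0.2.1"),
                     ("mail.other.example", "198.51.100.7")]:
        print(ehlo, ip, check(ehlo, ip))
```
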
