> > Bob Proulx: > Instead of Forward-Reverse-DNS matching the newer Best Practice is to > set up SPF, DKIM, DMARC for your own outgoing mail and other > anti-abuse for incoming mail.
Is it safe enough nowadays to drop dmarc failed incoming mail with opendmarc? чт, 11 февр. 2021 г. в 08:46, Cooper, Robert A <[email protected]>: > My primary outbound relay cluster connects through a load balancer NAT so > when it gives "helo host1.services.domain.tld" it actually reverses to the > hostname assigned to the load balancer (relay.domain.tld). there are > multiple nodes that all lookup with the single NAT IP when connecting > outbound. > > > RobertC > > (Sorry for top-posting, I can't find any options in Outlook Web to change > the reply thread settings!) > > > ------------------------------ > *From:* [email protected] <[email protected]> > on behalf of Viktor Dukhovni <[email protected]> > *Sent:* Wednesday, February 10, 2021 18:39 > *To:* [email protected] > *Subject:* Re: client and ehlo hostname mismatch > > > On Feb 10, 2021, at 9:38 PM, Eugene Podshivalov <[email protected]> > wrote: > > > > Are there any wise cases for a legitimate client to provide a valid ehlo > > hostname (which maps to some address) but that address will differ from > > the address it connects from? > > I don't know about "wise", but this is not uncommon. > > As an example of a less blatant mismatch, today I received a legitimate > newsletter from Cornell: > > Received: from mm.list.cornell.edu (vs-01.mm.list.cornell.edu > [128.253.150.167]) > > The EHLO name resolves to the same IP as the connecting client, but > the PTR is a variant of that name. > > Here the sort of mismatch you're asking about: > > Received: from NAM12-MW2-obe.outbound.protection.outlook.com ( > mail-mw2nam12on2072c.outbound.protection.outlook.com > [IPv6:2a01:111:f400:fe5a::72c]) > > The EHLO name (presently) resolves to: > > $ getent hosts NAM12-MW2-obe.outbound.protection.outlook.com > 2a01:111:f400:fe5a::200 > NAM12-MW2-obe.outbound.protection.outlook.com > > $ getent hosts > mail-mw2nam12on2072c.outbound.protection.outlook.com > 2a01:111:f400:fe5a::72c > mail-mw2nam12on2072c.outbound.protection.outlook.com > > $ getent hosts 2a01:111:f400:fe5a::72c > 2a01:111:f400:fe5a::72c > mail-mw2nam12on2072c.outbound.protection.outlook.com > > -- > Viktor. > >
