Jesse Stroik wrote:
Bowie,
What does having the mail gateway on an internal network have to do with
anything? If it is going to send mail to the Internet, then it must
have a public IP address in order to do so. This address may be local
to the machine or it may be translated by a router or firewall, but
either way there must be a public IP address used by the mailserver.
All the rDNS test cares about is that this public IP address resolve
back to a name...ANY name. This should not be a problem for any mail
gateway installation.
The originating mail server could have a private address of, for
example, 172.17.1.60. It could then send that message
through another SMTP server that trusts the internal server. And now
you've got 172.17.1.60 in your headers as the originating server and
that doesn't (and shouldn't) reverse resolve.
You could argue that the mail gateway should strip that line from the
header but you can also come up with a variety of reasons not to. The
fact remains that this setup is perfectly legitimate within the SMTP RFC
and people use it.
I don't know why you are talking about _headers_. We are talking about
the IP address in the IP packet. This IP address must be routable.
If you want to start enforcing new rules that people should follow there
are proper channels to employ. Dropping your users' legitimate mail
isn't in your users' interest and as a professional sysadmin you are
compensated to protect your users' interest. Punishing people for
having configurations you believe to be odd, old or obsolete is a
different line of work entirely ;)
People who block on absence of rDNS do so to combat spam. Many IPs
without PTR are residential and should not send mail directly.
Unfortunately, there are MTAs in the same situation. So the check is
unsafe for the general public (but may be ok for some sites).
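
The distinction argued in this thread, as an added example that is not part of any poster's message: a PTR check applied to the connecting peer address only, with addresses that appear in Received headers (such as 172.17.1.60) reported but never looked up. The sample message, the host names, the 203.0.113.25 address and the `FAKE_PTR` table are constructed; `system_ptr` is the resolver a live setup would pass in instead.

```python
import email
import ipaddress
import re
import socket

# Constructed sample: internal host 172.17.1.60 relays through a public gateway.
SAMPLE = (
    "Received: from gw.example.org (gw.example.org [203.0.113.25])\n"
    "\tby mx.example.net with ESMTP; Mon, 1 Jan 2007 10:00:02 -0600\n"
    "Received: from ws60 (unknown [172.17.1.60])\n"
    "\tby gw.example.org with ESMTP; Mon, 1 Jan 2007 10:00:01 -0600\n"
    "From: user@example.org\n"
    "Subject: test\n"
    "\n"
    "body\n"
)
FAKE_PTR = {"203.0.113.25": "gw.example.org"}  # constructed PTR data

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(raw):
    """Return the bracketed IPv4 address of each Received header, newest first."""
    msg = email.message_from_string(raw)
    hops = []
    for header in msg.get_all("Received", []):
        match = BRACKETED_IP.search(header)
        if match:
            hops.append(ipaddress.ip_address(match.group(1)))
    return hops

def system_ptr(ip):
    """Live PTR lookup; returns the name or None when no record resolves."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def rdns_verdict(peer_ip, raw, resolve_ptr):
    """Check PTR for the TCP peer only; header addresses are listed, not tested."""
    peer = ipaddress.ip_address(peer_ip)
    name = resolve_ptr(str(peer))
    ignored = [str(ip) for ip in received_ips(raw) if ip != peer]
    return {
        "checked": str(peer),
        "ptr": name,
        "pass": name is not None,
        "ignored_header_ips": ignored,
        "private_in_headers": [i for i in ignored if ipaddress.ip_address(i).is_private],
    }
```
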