nik600 wrote:
> I'm experiencing a strange problem with RDNS_NONE.
> On the same sender host, sometimes it is marked with RDNS_NONE, and
> sometimes not.
> The host has a reverse dns!
> Example:
> Received: from dadosoftware.com (dns2.dadosoftware.com [217.199.13.2]) -> OK
> Received: from dadosoftware.com (unknown [217.199.13.2]) -> FALSE POSITIVE

you seem to have a special conception of "false positive"?
your MTA can decide that it is "unknown" for many reasons, including:
- not configured to lookup rdns
- dns lookup timeout
in these two cases, there is no point to talk about "false positive".

> But 217.199.13.2 has a reverse dns!
> 2.13.199.217.in-addr.arpa. 11894 IN PTR dns2.dadosoftware.com.

just for info, this is not enough. always check the returned name, like this
$ host dns2.dadosoftware.com
dns2.dadosoftware.com has address 217.199.13.2
so the resulting IP is the original one. otherwise, the rdns is
irrelevant (in case of mismatch, it is "unknown" in postfix, tcp
wrappers, ... etc).

> Who decides the presence of RDNS_NONE ?
> A real dns check or a parsing of the email headers?
> And, in case of parse who decides to write dns2.dadosoftware.com
> [217.199.13.2] instead of unknown [217.199.13.2]?

for one, it is your MTA that does the dns lookup, so whatever it could
be, it's not an SA issue.
secundo, the default configuration has
score RDNS_NONE 0.1
if this causes an FP, then you must be living in a different Cantor space.
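
The check described in the reply above (look up the PTR name, resolve that name forward, and treat the client as "unknown" unless it maps back to the original IP, or when the lookup times out), as an added example that is not part of the original thread. The function names, the reason labels and every address other than 217.199.13.2 / dns2.dadosoftware.com are constructed for illustration.

```python
import socket

# Constructed DNS data; only the first entry of each table comes from the thread.
PTR = {"217.199.13.2": ["dns2.dadosoftware.com."],
       "192.0.2.10": ["mail.example.net."]}
FWD = {"dns2.dadosoftware.com.": {"217.199.13.2"},
       "mail.example.net.": {"192.0.2.99"}}  # does not map back to 192.0.2.10

def fake_ptr(ip):
    """Constructed stand-in for a PTR query (offline)."""
    if ip == "198.51.100.7":
        raise TimeoutError("resolver timed out")
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return PTR[ip]

def fake_fwd(name):
    """Constructed stand-in for an A/AAAA query (offline)."""
    if name not in FWD:
        raise socket.gaierror(socket.EAI_NONAME, "Name not known")
    return FWD[name]

def system_ptr(ip):
    """PTR lookup through the system resolver."""
    name, aliases, _ = socket.gethostbyaddr(ip)
    return [name, *aliases]

def system_fwd(name):
    """Forward lookup through the system resolver."""
    return {ai[4][0] for ai in socket.getaddrinfo(name, None)}

def client_name(ip, ptr=system_ptr, fwd=system_fwd):
    """Return (name, reason); name is 'unknown' unless a PTR name maps back to ip."""
    try:
        names = ptr(ip)
    except TimeoutError:
        return "unknown", "timeout"
    except OSError:              # herror/gaierror: no usable PTR answer
        return "unknown", "no-ptr"
    reason = "no-ptr"
    for name in names:
        try:
            if ip in fwd(name):  # forward-confirmed: name resolves back to ip
                return name.rstrip("."), "verified"
            reason = "mismatch"
        except TimeoutError:
            reason = "timeout"
        except OSError:          # PTR name does not resolve at all
            reason = "mismatch"
    return "unknown", reason

if __name__ == "__main__":
    for ip in ("217.199.13.2", "192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, client_name(ip, fake_ptr, fake_fwd))
```

Calling `client_name(ip)` without the constructed resolvers runs the same logic against the system resolver, which is useful for comparing against what the MTA wrote into the Received header.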