Matus UHLAR - fantomas wrote: > 181.188.252.222.in-addr.arpa domain name pointer localhost. > > That is why FcRDNS is being used everywhere... > > localhost has address 127.0.0.1 => fail.
Actually, localhost doesn't resolve via DNS; it has no A record, nor any other record type. It resolves locally without using DNS; see your /etc/hosts file. Similarly, 1.0.0.127.in-addr.arpa. has no PTR record indicating it should be called localhost. > if anyone uses reverse DNS name without forward-confirming it, it's their > own fault and they can take all consequencies from such stupid setup. afaik > some reverse-checking services are more strict about invalid than about > nonexisting hostnames. And I recommend to behave like that. > > SA (usually) uses hostname passed by MTA, so if an MTA is affected by this > bug, blame MTA, not SA. And I'm not sure if the hostname is used by any > checks that would cause positive (oor lower negative) score. Sadly, too many servers are set up improperly in this context, so I doubt I'm in the minority when I say that I don't use this metric to single-handedly block mail. My khop-general.sa.khopesh.com channel contains: # Sendmail's FCrDNS, see http://www.sendmail.org/faq/section3#3.38 header KHOP_MAYBE_FORGED Received =~ /\(may be forged\)/ describe KHOP_MAYBE_FORGED Relay IP's reverse DNS does not resolve to IP score KHOP_MAYBE_FORGED 0.8 # 20050802, raised 0.15->0.8 20090603 # Violates rfc2821? See http://en.wikipedia.org/wiki/FCrDNS#Uses header KHOP_HELO_FCRDNS X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=(\S+) helo=(?!\1)\S/ describe KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS score KHOP_HELO_FCRDNS 0.4 # 20090603 > Maybe SPF, I expect someone to comment on this... Same problem as above: "localhost" is not actually a domain. $ host -t TXT localhost. localhost has no TXT record $ host -t TXT localhost.localdomain. localhost.localdomain has no TXT record I suppose I could place such an entry in my local DNS server... Actually, I like that idea. Don't forget to also create an A record! You'll want TXT record "v=spf1 ip4:127.0.0.0/8 -all" for both localhost. and localhost.localdomain. -- Adam Katz khopesh on irc://irc.freenode.net/#spamassassin http://khopesh.com/Anti-spam
