On Mon, 5 Oct 2009, Igor Bogomazov wrote:
> John Hardin wrote:
>> On Fri, 2 Oct 2009, Igor Bogomazov wrote:
>>> I've checked rDNS of the prefix.domain.mail with 'host' utility -
>>> it's all right.
>>
>> Igor, can you show us how you used host and what it output?
>
> Here's both headers, tagged "Received":

Neither of these illustrate how you are checking your rDNS data.

> Received: by MYDOMAIN.MAIL (Postfix, from userid 1002)
>     id F0E8D9B801A; Fri, 2 Oct 2009 12:08:13 +0400 (MSD)
> Received: from SUB.MYDOMAIN.MAIL (unknown [12.12.12.12]) by
>     highlink.ru (Postfix) with ESMTP id 9562D6A82F5 for <some...@somewhere>;
>     Fri, 2 Oct 2009 12:08:13 +0400 (MSD)
>
> I suppose the last one is in use. SUB.MYDOMAIN.MAIL with IP 12.12.12.12,
> right? I can check rDNS of the IP-address and it is really
> SUB.MYDOMAIN.MAIL.

Ignore the text immediately after the "from", in this case
"SUB.MYDOMAIN.MAIL". That is _not_ rDNS data, that is whatever the client
sent in its SMTP HELO, and can be _anything_. If you see the correct
hostname there it just means that computer is sending its correct hostname
when it says HELO.
To illustrate, I pulled this out of your message to the list, it is not
edited in any way:

    Received: from localhost (unknown [213.108.33.133])
        by highlink.ru (Postfix) with ESMTP id 37F236A818D
        for <users@spamassassin.apache.org>; Mon, 5 Oct 2009 10:28:48 +0400 (MSD)

I'm pretty sure 213.108.33.133's rDNS does not say "localhost".
The "(unknown [12.12.12.12])" is the DNS data about the client as your MTA
sees it, and the fact that it says "unknown" means that for some reason it
cannot perform rDNS on that IP address, or perhaps its rDNS is explicitly
set to "unknown". If rDNS was working you'd see something like:

    Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
        by ga.impsec.org (8.13.7/8.13.7) with SMTP id n956Tp8L020518
        for <jhar...@impsec.org>; Sun, 4 Oct 2009 23:29:55 -0700

Exactly how are you checking the rDNS of that IP address? Can you
demonstrate? For example, here are rDNS lookups on the two IP addresses
from my examples above:

    jhar...@dendarii ~ $ host 213.108.33.133
    133.33.108.213.in-addr.arpa domain name pointer 133.33.108.213.hl.ru.
    jhar...@dendarii ~ $ host 140.211.11.3
    3.11.211.140.in-addr.arpa domain name pointer hermes.apache.org.

I note that the first does have an rDNS, even though the Received: header
from the MTA in the example above says "unknown".
Are you performing your rDNS tests on the MTA computer? It looks to me
like the DNS setup on it is misconfigured somehow and it can't perform
rDNS queries successfully.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
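
The distinction drawn in the message above (HELO name, the name the receiving MTA resolved, and the client IP) as an added Python example that is not part of the original thread: it parses the "from" clause of the Received: headers quoted above and reports the PTR name the MTA would have had to query. The function names and finding labels are assumptions made for illustration.

```python
import ipaddress
import re

# "from HELO (RDNS [IP])" clause as written by Postfix and Sendmail.
FROM_CLAUSE = re.compile(
    r"^Received:\s+from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)", re.I)

# Headers quoted in the thread above.
LOCAL = ("Received: by MYDOMAIN.MAIL (Postfix, from userid 1002)\n"
         "\tid F0E8D9B801A; Fri, 2 Oct 2009 12:08:13 +0400 (MSD)")
LIST_POST = ("Received: from localhost (unknown [213.108.33.133])\n"
             "\tby highlink.ru (Postfix) with ESMTP id 37F236A818D\n"
             "\tfor <users@spamassassin.apache.org>; Mon, 5 Oct 2009 10:28:48 +0400 (MSD)")
WORKING = ("Received: from mail.apache.org (hermes.apache.org [140.211.11.3])\n"
           "\tby ga.impsec.org (8.13.7/8.13.7) with SMTP id n956Tp8L020518\n"
           "\tfor <jhar...@impsec.org>; Sun, 4 Oct 2009 23:29:55 -0700")

def parse_received(raw):
    """Split one Received: header into HELO name, MTA-resolved rDNS and client IP."""
    unfolded = re.sub(r"\s*\n\s+", " ", raw.strip())  # join folded lines
    m = FROM_CLAUSE.match(unfolded)
    if m is None:
        return None  # "Received: by ..." has no remote client (local submission)
    helo, rdns, ip = m.groups()
    if ip.lower().startswith("ipv6:"):  # Postfix prefixes IPv6 literals
        ip = ip[5:]
    return {"helo": helo,  # client-supplied, can be anything
            "rdns": rdns,  # what the receiving MTA resolved, or "unknown"
            "ip": ip,      # address of the TCP peer
            "ptr_query": ipaddress.ip_address(ip).reverse_pointer}

def assess(raw):
    """Return finding labels (hypothetical names) for one Received: header."""
    hop = parse_received(raw)
    if hop is None:
        return ["no-client-clause"]
    if hop["rdns"].lower() == "unknown":
        # The MTA got no PTR answer; the HELO name proves nothing about rDNS.
        return ["rdns-unresolved"]
    if hop["helo"].lower() != hop["rdns"].lower():
        return ["helo-differs-from-rdns"]
    return []

if __name__ == "__main__":
    for name, hdr in (("LOCAL", LOCAL), ("LIST_POST", LIST_POST), ("WORKING", WORKING)):
        print(name, parse_received(hdr), assess(hdr))
```

Running the printed "ptr_query" name through host or dig on the MTA itself shows whether that machine's resolver gets the same answer as a workstation does.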