On 09/12/10 20:30, Karsten Bräckelmann wrote:
> On Thu, 2010-12-09 at 20:18 +0000, Cedric Knight wrote:
>> I noticed some bad false positives on email sent from certain web
>> servers that haven't (yet) been properly configured.  For example, a
>> trusted header line starting:
>
> Ah, so they are operational, just poorly configured. That's what you
> just said in other words, right? :)

Yes, I was trying to think of a tactful way of putting it without
showing exasperation :).  It appears that a client can easily set up
hosting using cPanel or something without ever setting the rDNS or
hostname to anything other than the numeric default.

I don't actually know if rDNS or hostname are directly under client
control, but I've advised senders to ask their hosting company to deal
with it.

>
> Anyway, why are *web* servers sending out mail at all? Other than maybe
> cron junk and friends, which would warrant bypassing SA or extending
> your internal network. If they are indeed intended to send out mail to
> third-parties, they better be configured properly first.

In the case that actually caused me to write, orders from a shop.  Or it
might be running PHPList or CiviCRM or any CMS that authenticates users
by email.

>
>> Received: from 94.229.160.4.srvlist.ukfast.net
>> (94.229.160.4.srvlist.ukfast.net [94.229.160.4])
>
> Looks like a dynamic hostname indeed.

The "srv" might raise suspicions.  In fact, I suppose it's not a totally
unreasonable form of rDNS for a large server farm, but personally I give
all the cows on my farm names.

-- 
All best wishes,

Cedric Knight
GreenNet

GreenNet supports and promotes groups and individuals working for
peace, human rights and the environment through the use of
information and communication technologies.

GreenNet, Development House, 56-64 Leonard Street, London EC2A 4LT
Tel: UK 0845 055 4011 (Intl +44) 20 7065 0935 Fax: 020 7253 0936
Registered in England No. 02070438 VAT Reg GB 473 0262 65
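
The pattern discussed in this message, as an added example that is not part of the original post: a small checker that parses a `Received: from HELO (rDNS [IP])` header and reports whether the HELO or rDNS name merely embeds the connecting IP. The matching heuristic and the function names are assumptions made for illustration, not SpamAssassin's own rule logic; the second header is constructed.

```python
import re

# "from HELO (rDNS [IP])" form of a Received header, as quoted in the thread.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\)"
)

def parse_received(header):
    """Return (helo, rdns, ip), or None if the header is not in that form."""
    m = RECEIVED_RE.search(" ".join(header.split()))  # unfold continuation lines
    if m is None:
        return None
    return m["helo"].lower(), m["rdns"].lower().rstrip("."), m["ip"]

def embeds_ip(hostname, ip):
    """True if hostname contains all four octets of ip, forward or reversed,
    joined by dots or dashes (an illustrative heuristic, not SpamAssassin's rule)."""
    octets = ip.split(".")
    for order in (octets, octets[::-1]):
        for sep in (".", "-"):
            needle = re.escape(sep.join(order))
            # Digit guards stop 94.229.160.4 from matching inside 194.229.160.4
            if re.search(rf"(?<!\d){needle}(?!\d)", hostname):
                return True
    return False

def findings(header):
    """List which names in the header look auto-generated from the IP."""
    parsed = parse_received(header)
    if parsed is None:
        return ["unparsed"]
    helo, rdns, ip = parsed
    out = []
    if embeds_ip(rdns, ip):
        out.append("rdns-embeds-ip")
    if embeds_ip(helo, ip):
        out.append("helo-embeds-ip")
    return out

# Header fragment from the thread, plus a constructed header for comparison.
THREAD_HEADER = ("Received: from 94.229.160.4.srvlist.ukfast.net\n"
                 " (94.229.160.4.srvlist.ukfast.net [94.229.160.4])")
NAMED_HEADER = "Received: from mail.example.org (mail.example.org [192.0.2.10])"

if __name__ == "__main__":
    for h in (THREAD_HEADER, NAMED_HEADER):
        print(findings(h))
```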
