Art Greenberg wrote:
> I see that RDNS_NONE looks at X-Spam-Relays-External for a blank "rdns=
> ". I currently don't see that header, but I can see
> X-Spam-RelaysUntrusted (how do I enable X-S-R-External?).
These are pseudoheaders generated internally by SA when deconstructing
the real Received: header(s). They should be visible in the output from -D.
> Received: from drone048.ral.icpbounce.com ([66.162.193.229])
> by spamfilter.netcarrier.com
> ({671ddfa8-006a-4d35-b7ac-a2829c8915e9})
> via TCP (inbound) with ESMTP id 20130918171610649
> for <a...@eclipse.net>;
> Wed, 18 Sep 2013 17:16:10 +0000
Which MTA is this?
Postfix and sendmail I'm sure (and Exim probably) would create:
Received: from drone048.ral.icpbounce.com (drone048.ral.icpbounce.com
[66.162.193.229]) by spamfilter.netcarrier.com
...(etc)
qmail, as best I can recall, doesn't include rDNS in its Received:
headers (although there's probably a patch somewhere out there to do so)
> When I execute "host 66.162.193.229":
>
> 229.193.162.66.in-addr.arpa domain name pointer drone048.ral.icpbounce.com.
>
> Why does SA think there is no RDNS for 66.162.193.229?
SA does not look this information up (IIRC there have been a few debates
about whether it should or not), so if it's missing from the Received:
header, SA won't have it.
To be a little more precise about the root cause, this information is
only added by Postfix or sendmail as in my example if there is a closed
loop from IP->name->IP.
-kgd
