On Wed, 18 Sep 2013, Art Greenberg wrote:

> I see that RDNS_NONE looks at X-Spam-Relays-External for a blank "rdns= ". I currently don't see that header, but I can see X-Spam-RelaysUntrusted (how do I enable X-S-R-External?).
>
> Here are some of the headers for a message received here that hit on RDNS_NONE:
>
> X-Spam-RelaysUntrusted: [ ip=66.162.193.229 rdns= helo=drone048.ral.icpbounce.com by=spamfilter.netcarrier.com ident= envfrom= intl=0 id=20130918171610649 auth= msa=0 ]
>
> ...
>
> Received: from drone048.ral.icpbounce.com ([66.162.193.229])
>           by spamfilter.netcarrier.com ({671ddfa8-006a-4d35-b7ac-a2829c8915e9})
>           via TCP (inbound) with ESMTP id 20130918171610649
>           for <a...@eclipse.net>;
>           Wed, 18 Sep 2013 17:16:10 +0000
>
> When I execute "host 66.162.193.229":
>
> 229.193.162.66.in-addr.arpa domain name pointer drone048.ral.icpbounce.com.
>
> Why does SA think there is no RDNS for 66.162.193.229?

Because there is no hostname within the parentheses in that Received: header. The name outside the parens is the HELO sent by the remote MTA, which is often totally different than the remote MTA's rDNS name.

Look to your MTA; it's either not attempting rDNS lookups or not putting the rDNS results into the Received: headers it generates.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The one political issue that strips all politicians bare is
  individual gun rights.
-----------------------------------------------------------------------
 Tomorrow: Talk Like a Pirate day
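
Added example, not part of the original message and not SpamAssassin's code: a simplified Python parser for the "from HELO (RDNS [IP])" Received: layout, showing why the header posted above yields a blank rdns= while a header carrying the PTR name does not. The regex, the function names and the two constructed headers are assumptions for illustration; SpamAssassin's own parser handles many more MTA formats.

```python
import re

# Simplified pattern for the "from HELO (RDNS [IP])" layout only; an
# assumption for illustration, far narrower than SpamAssassin's real parser.
RECEIVED_FROM = re.compile(
    r"""^Received:\s+from\s+
        (?P<helo>\S+)\s+             # name the client sent in HELO/EHLO
        \(\s*
        (?P<rdns>[^\s\[\]()]+)?\s*   # PTR name, if the MTA recorded one
        \[(?P<ip>[0-9A-Fa-f.:]+)\]   # connecting IP address
        \s*\)""",
    re.VERBOSE,
)

def parse_relay(header):
    """Return helo, rdns and ip from one Received: header, or None."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header.strip())
    m = RECEIVED_FROM.match(unfolded)
    if m is None:
        return None
    rdns = m.group("rdns") or ""
    if rdns.lower() == "unknown":    # Postfix writes this when the lookup fails
        rdns = ""
    return {"ip": m.group("ip"), "rdns": rdns, "helo": m.group("helo")}

def relay_summary(header):
    """Abbreviated relay line in the style of the X-Spam-Relays headers."""
    r = parse_relay(header)
    return None if r is None else "[ ip={ip} rdns={rdns} helo={helo} ]".format(**r)

# Header as posted in the thread (by-part abridged): only the IP is in parens.
POSTED = ("Received: from drone048.ral.icpbounce.com ([66.162.193.229])\n"
          "\tby spamfilter.netcarrier.com via TCP (inbound) with ESMTP")
# Constructed: the same hop if the MTA had recorded the PTR name.
WITH_RDNS = ("Received: from drone048.ral.icpbounce.com "
             "(drone048.ral.icpbounce.com [66.162.193.229])\n"
             "\tby spamfilter.netcarrier.com via TCP (inbound) with ESMTP")
# Constructed: failed lookup as Postfix records it (documentation address).
FAILED = "Received: from mail.example.net (unknown [192.0.2.10])\n\tby mx.example.org"

if __name__ == "__main__":
    for h in (POSTED, WITH_RDNS, FAILED):
        print(relay_summary(h))
```

The HELO name is taken from outside the parentheses and never copied into rdns, so a sender cannot satisfy the check by announcing a plausible hostname.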
