spamassassin-users October 2010 archive
spamassassin-users: Re: Full circle DNS test?

Re: Full circle DNS test?

From: <m_at_nospam>
Date: Sat Oct 30 2010 - 04:51:56 GMT

How do you expect this to handle cases when a single IP address (i.e., a single MTA) is responsible for sending emails for multiple domains? The domain name match won't happen for all.

That's why we have SPF, SenderID (MS didn't want to feel left out), and DKIM (RFC standard).

As far as reverse lookup goes, AOL requires MTAs to have a reverse PTR zone in the form of an FQDN, but doesn't mandate an exact match of the domain found in MAIL FROM in the SMTP header. Which is less restricted than your suggestion.

BTW, back in the dark ages, there were discussions in RFC mailing lists of similar approaches like yours, but they got rejected. Paul Vixie had his own suggestions too.

------Original Message------
Subject: Full circle DNS test?
Sent: Oct 30, 2010 6:02 AM

I see there's a RDNS_NONE rule for when the sending IP address has no DNS
PTR (reverse DNS) record. But no rule for when that PTR record doesn't
have a matching A (forward DNS) record that matches the sending IP?

For example, if you get an email from me, and look up the IP: ->

Then you can look up that host name and get: ->

And if that IP didn't match the sending IP, it would fail this test.

Is this something that would be accepted into spamassassin if I created a
module? Or a feature that would be added if I didn't do it?

I block all email that doesn't pass this test at my MTA (postfix
reject_unknown_client_hostname), but I understand some people don't.

"It's a dangerous business, Frodo, going out your front door. You step
into the Road, and if you don't keep your feet, there is no knowing
where you might be swept off to." - Bilbo Baggins

Mahmoud Khonji
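
Added example (not part of the original thread and not SpamAssassin code): the full-circle test the original message describes, with the three outcomes no PTR, PTR that does not map back to the sending IP, and pass. The function names, the injectable lookup parameters and the sample zone data are assumptions made for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] when there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases

def system_forward(name):
    """A/AAAA addresses for name from the system resolver ([] on failure)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def full_circle(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, name) where verdict is 'no_ptr', 'mismatch' or 'pass'."""
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return ("no_ptr", None)          # the case RDNS_NONE already covers
    for name in names:                   # an IP may carry several PTR records
        for addr in forward_lookup(name):
            try:
                # Compare parsed addresses so IPv6 spellings do not matter.
                if ipaddress.ip_address(addr) == client:
                    return ("pass", name)
            except ValueError:
                continue                 # skip unparsable resolver output
    return ("mismatch", names[0])        # PTR exists but does not map back

# Constructed sample zone data (documentation address ranges, hypothetical names).
SAMPLE_PTR = {"192.0.2.10": ["mail.example.org"],
              "192.0.2.20": ["host.example.net"],
              "2001:db8::25": ["mx6.example.org"]}
SAMPLE_A = {"mail.example.org": ["192.0.2.10"],
            "host.example.net": ["192.0.2.99"],
            "mx6.example.org": ["2001:0db8:0000:0000:0000:0000:0000:0025"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "2001:db8::25"):
        print(ip, full_circle(ip, sample_ptr, sample_forward))
```

The check only compares the connecting IP with what its own PTR name resolves to; it never looks at the MAIL FROM domain.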