spamassassin-users October 2010 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: Full circle DNS test?

Re: Full circle DNS test?

From: <m_at_nospam>
Date: Sat Oct 30 2010 - 05:43:39 GMT
To: Darxus@ChaosReigns.com,users@spamassassin.apache.org

I misread your email then, my bad.

As far as I understand it now, is that you are getting the hostname by reverse DNS lookup against the connecting SMTP peer (that is sending a mail).

Then you use that FQDN to for a DNS A RR query. And you expect this IP address to match to match against the SMTP peer's IP. This is even worst than my initial understanding.

Why would you want a DNS A RR to match an IP that is often founs as MX RR. Are you assuming A RR == MX RR? They won't match in many cases.

If you query for an MX DNS RR instead of A RR, it would be less stupid (but is still stupid). Paul Vixie's proposal was similar.

Final answer is your practical results. How many FP and TP are you getting? I would get crazy high FP in my case.

------Original Message------
From: Darxus@ChaosReigns.com
To: users@spamassassin.apache.org
Subject: Re: Full circle DNS test?
Sent: Oct 30, 2010 9:26 AM

I never said anything about the domain matching the MAIL FROM. Or anything
else. Just that the sending IP have a PTR record which matches an A record
which matches the sending IP. Any domain. And, of course, the test would
have false positives, as do most others.

But as I said, I already block all email at my MTA that doesn't pass it.
Since January 2007, apparently. So I think it's worth having a test for.

On 10/30, m@khonji.org wrote:
> How do you expect this to handle cases when a single IP address (i.e single MTA) is responsible for sending emails for multiple domains. The domain name match won't happen for all.
>
> That's why we have SPF, SenderID (MS didn't want to feel left out, and DKIM (RFC standard).
>
> As far as reverse lookup goes, AOL requires MTAs to have a reverse PTR zone in a form of FQDN, but doesn't mandate exact match of the domain found in MAIL FROM in SMTP header. Which is less restricted than your sugge stion.
>
> BTW, back in dark ages, there were discussions in RFC mailing lists of similar approaches like yours but got rejected. Paul Vixie had his own suggestions too.

-- "There never has been an answer. There never will be an answer. That's the answer." - Gertrude Stein http://www.ChaosReigns.com --- Mahmoud Khonji