spamassassin-users October 2010 archive

Re: Full circle DNS test?

From: <Darxus_at_nospam>
Date: Sat Oct 30 2010 - 06:16:22 GMT
To: users@spamassassin.apache.org

On 10/30, m@khonji.org wrote:
> I misread your email then, my bad.
>
> As far as I understand it now, you are getting the hostname by reverse DNS lookup against the connecting SMTP peer (that is sending a mail).
>
> Then you use that FQDN for a DNS A RR query. And you expect this IP address to match the SMTP peer's IP. This is even worse than my initial understanding.

Yes, if I look up the PTR record of an IP address, and then take the host
name from the result of that lookup and use it to do an A record lookup, I
should then get the IP address I started with.

And, again, I've blocked all email that failed that for three years.

Mostly. I think there were maybe two times I briefly disabled it to talk
to some broken domain.

An example from your email, delivered by IP 209.85.160.173:

$ host 209.85.160.173
173.160.85.209.in-addr.arpa domain name pointer mail-gy0-f173.google.com.

$ host mail-gy0-f173.google.com
mail-gy0-f173.google.com has address 209.85.160.173

And the IP I end up with is the IP I started with. Pass.

Please explain why you believe it is a bad idea to try creating a test for
this and running it through spamassassin's ruleqa to see if it's useful.

Instead of just telling me you think it's a horrible idea.

A more thorough explanation of the concept is here:
http://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS
That is precisely what I'm talking about creating a test for.

> Why would you want a DNS A RR to match an IP that is often found as an MX RR?

That sentence doesn't make sense. I want a PTR record that matches an
A record in reverse. That's all. As it should be. Nothing to do with
MX records.

> Are you assuming A RR == MX RR? They won't match in many cases.

No, of course not.

OHH. You... think... I mean the A record for just the domain?

?

No. That would be ridiculous. I said the A record for the full host
name returned by the PTR query.

> If you query for an MX DNS RR instead of A RR, it would be less stupid (but is still stupid). Paul Vixie's proposal was similar.

What?

Yeah, that must be what you mean.

You think I mean:

192.168.1.1 -> mail.domain.com

And then look up the A record for domain.com? No. The A record for
the full host name. The A record for mail.domain.com. Which should
be 192.168.1.1.

> Final answer is your practical results. How many FP and TP are you getting? I would get crazy high FP in my case.

You've wasted my time by assuming I was clueless and failing at reading
comprehension.

--
"A ship in a port is safe, but that's not what ships are built for." -Grace Murray Hopper
http://www.ChaosReigns.com
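The check Darxus describes (PTR lookup on the connecting IP, then an A lookup on the full hostname that came back, expecting the original IP) is forward-confirmed reverse DNS. The following is an added illustration written for this archive page, not code from the thread or from SpamAssassin. The resolver is injected as two callables so the logic runs offline against a constructed lookup table; the 209.85.160.173 / mail-gy0-f173.google.com pair is taken from the `host` output above, while every 192.0.2.x / 198.51.100.x entry and the example.net / example.org hostnames are constructed documentation values. It also handles the cases the thread does not spell out: a hostname with several A records (the check passes if any of them is the connecting IP) and an IP with no PTR at all.

```python
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Optional

# Resolver hooks: PTR lookup returns one hostname (or None), A lookup returns
# zero or more addresses. Injecting them keeps the check testable offline.
PtrLookup = Callable[[str], Optional[str]]
ALookup = Callable[[str], Iterable[str]]


def normalize_host(name: str) -> str:
    # `host` prints PTR targets with a trailing dot; DNS names are case-insensitive.
    return name.rstrip(".").lower()


def fcrdns_check(ip: str, ptr_lookup: PtrLookup, a_lookup: ALookup) -> Dict[str, object]:
    """Forward-confirmed reverse DNS as described in the thread.

    1. PTR(ip) -> hostname (the full host name, never just its domain).
    2. A(hostname) -> list of addresses.
    3. Pass if the connecting ip is among those addresses.

    The result records each step so a rule can distinguish "no PTR",
    "PTR but no forward record", and "forward record disagrees".
    """
    addr = str(ipaddress.ip_address(ip))  # raises on garbage input
    raw_host = ptr_lookup(addr)
    if not raw_host:
        return {"ip": addr, "hostname": None, "forward": [], "verdict": "no_ptr"}
    hostname = normalize_host(raw_host)
    forward: List[str] = [str(ipaddress.ip_address(a)) for a in a_lookup(hostname)]
    if not forward:
        return {"ip": addr, "hostname": hostname, "forward": [], "verdict": "no_a"}
    verdict = "pass" if addr in forward else "mismatch"
    return {"ip": addr, "hostname": hostname, "forward": forward, "verdict": verdict}


# Constructed lookup table (not real DNS data, except the google.com pair quoted
# from the message above). 192.0.2.30 deliberately has no PTR entry.
CONSTRUCTED_PTR: Dict[str, str] = {
    "209.85.160.173": "mail-gy0-f173.google.com.",  # from the `host` output in the thread
    "192.0.2.10": "mail.example.net.",              # constructed: forward lookup disagrees
    "192.0.2.20": "mx.example.org.",                # constructed: round-robin host, one A matches
}
CONSTRUCTED_A: Dict[str, List[str]] = {
    "mail-gy0-f173.google.com": ["209.85.160.173"],
    "mail.example.net": ["198.51.100.5"],
    "mx.example.org": ["192.0.2.21", "192.0.2.20"],
}


def canned_ptr(ip: str) -> Optional[str]:
    return CONSTRUCTED_PTR.get(ip)


def canned_a(hostname: str) -> List[str]:
    return CONSTRUCTED_A.get(hostname, [])


def system_ptr(ip: str) -> Optional[str]:
    """Live PTR lookup through the OS resolver (not used by the offline demo)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def system_a(hostname: str) -> List[str]:
    """Live IPv4 A lookup through the OS resolver (not used by the offline demo)."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_all(ips: Iterable[str]) -> Dict[str, str]:
    """Run the offline check over several IPs and return ip -> verdict."""
    return {ip: str(fcrdns_check(ip, canned_ptr, canned_a)["verdict"]) for ip in ips}


if __name__ == "__main__":
    for ip in ["209.85.160.173", "192.0.2.10", "192.0.2.20", "192.0.2.30"]:
        print(ip, fcrdns_check(ip, canned_ptr, canned_a))
```

Swapping `canned_ptr`/`canned_a` for `system_ptr`/`system_a` turns this into a live check; the point of keeping the verdicts separate ("no_ptr", "no_a", "mismatch") is that, in a scoring system like ruleqa, each failure mode can be weighed on its own hit rate rather than lumped into one reject.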