|Main Archive Page > Month Archives > spamassassin-users archives|
On 10/30, email@example.com wrote:
> I misread your email then, my bad.
> As far as I understand it now, is that you are getting the hostname by reverse DNS lookup against the connecting SMTP peer (that is sending a mail).
> Then you use that FQDN to for a DNS A RR query. And you expect this IP address to match to match against the SMTP peer's IP. This is even worst than my initial understanding.
Yes, if I look up the PTR record of an IP address, and then take the host
name from the result of that lookup and use it to do an A record lookup, I
should then get the IP address I started with.
And, again, I've blocked all email that failed that for three years.
Mostly. I think there were maybe two times I briefly disabled it to talk
to some broken domain.
An example from your email, delivered by IP 126.96.36.199:
$ host 188.8.131.52
184.108.40.206.in-addr.arpa domain name pointer mail-gy0-f173.google.com.
$ host mail-gy0-f173.google.com
mail-gy0-f173.google.com has address 220.127.116.11
And the IP I end up with is the IP I started with. Pass.
Please explain why you believe it is a bad idea to try creating a test for
this and running it through spamassassin's ruleqa to see if it's useful.
Instead of just telling me you think it's a horrible idea.
A more thorough explanation of the concept is here:
That is precisely what I'm talking about creating a test for.
> Why would you want a DNS A RR to match an IP that is often founs as MX RR.
That sentence doesn't make sense. I want a PTR record that matches an
A record in reverse. That's all. As it should be. Nothing to do with
> Are you assuming A RR == MX RR? They won't match in many cases.
No, of course not.
OHH. You... think... I mean the A record for just the domain?
No. That would be ridiculous. I said the A record for the full host
name returned by the PTR query.
> If you query for an MX DNS RR instead of A RR, it would be less stupid (but is still stupid). Paul Vixie's proposal was similar.
Yeah, that must be what you mean.
You think I mean:
192.168.1.1 -> mail.domain.com
And then look up the A record for domain.com? No. The A record for
the full host name. The A record for mail.domain.com. Which should
> Final answer is your practical results. How many FP and TP are you getting? I would get crazy high FP in my case.
You've waisted my time by assuming I was clueless and failing at reading
-- "A ship in a port is safe, but that's not what ships are built for." -Grace Murray Hopper http://www.ChaosReigns.com