spamassassin-users October 2010 archive
spamassassin-users: Re: Full circle DNS test?

Re: Full circle DNS test?

From: <Darxus_at_nospam>
Date: Sat Oct 30 2010 - 06:16:22 GMT

On 10/30, wrote:
> I misread your email then, my bad.
> As far as I understand it now, you are getting the hostname by reverse DNS lookup against the connecting SMTP peer (that is sending a mail).
> Then you use that FQDN for a DNS A RR query. And you expect this IP address to match against the SMTP peer's IP. This is even worse than my initial understanding.

Yes, if I look up the PTR record of an IP address, and then take the host
name from the result of that lookup and use it to do an A record lookup, I
should then get the IP address I started with.

And, again, I've blocked all email that failed that for three years.

Mostly. I think there were maybe two times I briefly disabled it to talk
to some broken domain.

An example from your email, delivered by IP

$ host domain name pointer

$ host has address

And the IP I end up with is the IP I started with. Pass.

Please explain why you believe it is a bad idea to try creating a test for
this and running it through spamassassin's ruleqa to see if it's useful.

Instead of just telling me you think it's a horrible idea.

A more thorough explanation of the concept is here:
That is precisely what I'm talking about creating a test for.

> Why would you want a DNS A RR to match an IP that is often found as MX RR?

That sentence doesn't make sense. I want a PTR record that matches an
A record in reverse. That's all. As it should be. Nothing to do with
MX records.

> Are you assuming A RR == MX RR? They won't match in many cases.

No, of course not.

OHH. You... think... I mean the A record for just the domain?


No. That would be ridiculous. I said the A record for the full host
name returned by the PTR query.

> If you query for an MX DNS RR instead of A RR, it would be less stupid (but is still stupid). Paul Vixie's proposal was similar.


Yeah, that must be what you mean.

You think I mean: ->

And then look up the A record for No. The A record for
the full host name. The A record for Which should

> Final answer is your practical results. How many FP and TP are you getting? I would get crazy high FP in my case.

You've wasted my time by assuming I was clueless and failing at reading

-- "A ship in a port is safe, but that's not what ships are built for." -Grace Murray Hopper