North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: question on ptr rr

  • From: garrett.allen
  • Date: Sun Feb 08 16:45:29 2004

the package in question (and maybe others do as well) has the option to
perform the reverse you describe.  we tried the milder version first which
only verifies the ip sending the packets has a ptr - no domain xref.  our
upstream provider is our alternate mx (with a higher pref, of course).  any
mail they accept and forward to us would fail under the more restrictive
version of reverse (for example, say we were down for maint.).  at least
that is my understanding after speaking with the software vendors
development team.

thanks.
----- Original Message ----- 
From: "Andrew - Supernews" <[email protected]>
To: <[email protected]>
Sent: Sunday, February 08, 2004 4:01 PM
Subject: Re: question on ptr rr


>
> >>>>> "Paul" == Paul Vixie <[email protected]> writes:
>
>  Paul> that's one check of many.  the PTR has to match the HELO, which
>  Paul> means all of the worms and spammers who forge @yahoo.com
>  Paul> addresses and use YAHOO.COM as their HELO will continue to get
>  Paul> hammered.
>
> If you're going to get picky about HELO names, then it's better to
> require that the HELO has an A record pointing to the connecting IP,
> rather than look at PTR.
>
> -- 
> Andrew, Supernews
> http://www.supernews.com
>
>