firewall IP as Originating IP for emails

Steve Cowles steve at stevecowles.com
Thu Sep 9 14:26:59 UTC 2004


On Stardate 6609.08, Steve Buehler said:

| At 07:26 AM 9/9/2004, you wrote:
|
|> On Thu, Sep 09, 2004 at 04:50:18PM +0630, Mrs. Geeta Thanu wrote:
|> > 554 5.7.1 The server sending your mail[210.212.212.2] does not have a
|> > reverse DNS entry.connection rejected.Please conatct your network ISP
|> > provider.Default reject!
|>
|> This used to be a common rejection, when each site was assigned its
|> own IP address(es).  It then became less common, as assignment of IP
|> addresses from ISPs became the norm.  Now, it appears that some sites,
|> in a probably misguided attempt to reject spammers, have returned to
|> trying to validate IP addresses.  I say misguided since (a) most spam
|> is from owned machines, so it won't help, and (b) most admins won't have
|> arranged with their ISPs--and many ISPs aren't willing--to provide PTR
|> records that reflect the originating domain.
|
|
| Unless this has changed in the last day or so, since I haven't heard any
| complaints or noticed any rejected mail, the reverse DNS does not have
| to say the domain name that is on that IP.  We have 2 class C's and the
| reverse DNS's all say client.ibapp.com.  I also have a couple of servers
| at my house with just 5 IP's total and I don't have to have SWBell (my
| DSL ISP) set up a reverse DNS that matches the domain names of my
| machines since they already have
| "adsl-xx-xx-xxx-xxx.dsl.kscymo.swbell.net" (real IP x'd out) as the
| reverse DNS entry and I do not get blocked by anybody.  We started this
| when AOHell started rejecting email because of reverse DNS not being
| set up for the domains on our servers and have not had any problems
| since.  So basically, you just have to have a reverse DNS, it doesn't
| have to be correct for your mail to stop getting rejected.  I know that
| it should be set up correctly with the domain name that is actually doing
| it, but sometimes, for some people, that might not be feasible.
|

First, I don't disagree with what you have written above, but you're
lucky that your IP adsl-xx-xx-xxx-xxx.dsl.kscymo.swbell.net is not
listed with an RBL like SORBS. If it was and you were to try and get
de-listed, you would receive an e-mail from SORBS stating...

    NOTE to Endusers: "Suitable rDNS" means there should be a
    PTR record that points to your MX record and vice versa.
    If it does not we cannot delist you!

Fortunately, Verizon (my ISP) has a procedure in place for business
customers (static) to request that their PTR record be changed. Since my
MTA announces itself as mail.mydomain.com (so to speak) and the MX
records for my domains point to the same name, I submitted a request to
Verizon to have the PTR record changed to mail.mydomain.com.

Although I was successfully de-listed from SORBS, this whole process
took over two weeks. <groan>

--
Steve Cowles
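The three situations discussed in this thread (no PTR at all, a generic ISP-assigned PTR, and a PTR that matches the MX host as the SORBS note requires), as an added example that is not part of the original message. The DNS records are constructed, using documentation address ranges and example.com, and the names `classify` and `audit` are hypothetical.

```python
import ipaddress

# Constructed DNS data (RFC 5737 addresses, example.com names), standing in
# for live lookups so the check runs offline.
PTR = {
    "192.0.2.25": ["mail.example.com."],                  # PTR changed by the ISP
    "192.0.2.77": ["adsl-192-0-2-77.dsl.isp.example."],   # generic ISP-assigned PTR
    "192.0.2.80": ["mail.example.com."],                  # PTR claims the MX name...
}                                                         # 198.51.100.9: no PTR at all
A = {
    "mail.example.com.": ["192.0.2.25"],                  # ...but A does not point back
    "adsl-192-0-2-77.dsl.isp.example.": ["192.0.2.77"],
}
MX = {"example.com.": ["mail.example.com."]}


def fqdn(name):
    """Normalise a host name: lower case, exactly one trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def classify(ip, domain, ptr=PTR, a=A, mx=MX):
    """Return 'no-ptr', 'ptr-only' or 'ptr-matches-mx' for a sending IP."""
    ip = str(ipaddress.ip_address(ip))          # raises ValueError on malformed input
    names = {fqdn(n) for n in ptr.get(ip, [])}
    if not names:
        return "no-ptr"                         # the 554 5.7.1 rejection quoted above
    mx_hosts = {fqdn(h) for h in mx.get(fqdn(domain), [])}
    for name in names & mx_hosts:               # PTR names that are also MX targets
        if ip in a.get(name, []):               # "and vice versa": MX host -> same IP
            return "ptr-matches-mx"
    return "ptr-only"                           # some rDNS exists, not tied to the MX


def audit(senders, **tables):
    """Map each (ip, domain) pair to its verdict."""
    return {ip: classify(ip, dom, **tables) for ip, dom in senders}


if __name__ == "__main__":
    for ip, verdict in audit([("192.0.2.25", "example.com"),
                              ("192.0.2.77", "example.com"),
                              ("192.0.2.80", "example.com"),
                              ("198.51.100.9", "example.com")]).items():
        print(f"{ip:15} {verdict}")
```

To run the same check against real zones, pass dictionaries filled from your resolver's PTR, A and MX answers in place of the constructed tables.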





More information about the redhat-list mailing list