Re: "Non-existent host/domain"?
From: Len Conrad
Date: Friday, October 4, 2002
Time: 5:52:15 am

Here is a general DNS rule for all machines sending mail to the Internet:
The PTR hostname and that hostname's A record must match. Example of how
to do it:
# dig -x 217.151.160.9
; <<>> DiG 9.2.1rc2 <<>> -x 217.151.160.9
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30572
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;9.160.151.217.in-addr.arpa. IN PTR
;; ANSWER SECTION:
9.160.151.217.in-addr.arpa. 86352 IN PTR smtp.mmedia.is.
the query for the A record:
# dig smtp.mmedia.is.
; <<>> DiG 9.2.1rc2 <<>> smtp.mmedia.is.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7519
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0
;; QUESTION SECTION:
;smtp.mmedia.is. IN A
;; ANSWER SECTION:
smtp.mmedia.is. 86400 IN A 217.151.160.9
There is a list of 4000+ domains of frequently forged
MAIL FROM:<user@sender.domain>
where the forged domain has matching PTR + A records, so the receiving
mail server, when a remote IP alleges to be sending MAIL FROM: one of these
domains, can do the A + PTR queries, and if no match, then reject the mail.
That filter stops tons of forgeries @yahoo.com, @hotmail.com, @aol.com, AND
can also stop forgeries of your domain if you add your name to the list.
Another example of how DNS can facilitate your own mail being delivered and
help validate others' mail being delivered to your server.
Another example of how not setting up your forward and reverse zones
scrupulously will sooner or later bite you.
Len
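The rule Len describes (resolve the PTR for the connecting IP, then resolve the A record of the hostname that PTR returns, and require the original IP to appear in that A answer) is what is usually called forward-confirmed reverse DNS. The following is an added example, not code from the original post or from any product it mentions. It runs entirely offline against a small in-memory DNS table, which is constructed here (only the smtp.mmedia.is / 217.151.160.9 entry mirrors the dig output above; the 192.0.2.x entries and the three-domain "frequently forged" list are stand-ins for a real resolver and the 4000+ entry list the post refers to):

```python
"""Forward-confirmed reverse DNS (PTR -> hostname -> A -> same IP) check.

Added example, not from the original post. The DNS data below is a
constructed in-memory table standing in for real lookups; in production
you would replace lookup_ptr/lookup_a with calls to a real resolver.
"""
import ipaddress

# Constructed sample zone data (not real DNS answers). The first entry
# mirrors the smtp.mmedia.is example in the post; the others are invented
# to show the two failure modes: PTR present but A points elsewhere, and
# no PTR at all.
PTR_RECORDS = {
    "217.151.160.9": ["smtp.mmedia.is."],
    "192.0.2.10": ["mail.example.net."],   # PTR exists, A does not point back
    "192.0.2.20": [],                      # no PTR record
}
A_RECORDS = {
    "smtp.mmedia.is.": ["217.151.160.9"],
    "mail.example.net.": ["192.0.2.11"],
}

# Domains whose MAIL FROM is frequently forged. The post describes a
# 4000+ entry list; this three-entry set is a constructed stand-in.
FREQUENTLY_FORGED = {"yahoo.com", "hotmail.com", "aol.com"}


def reverse_name(ip: str) -> str:
    """Build the in-addr.arpa name that `dig -x` queries for an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def lookup_ptr(ip: str) -> list:
    """PTR lookup against the constructed table (stand-in for a resolver)."""
    return PTR_RECORDS.get(ip, [])


def lookup_a(hostname: str) -> list:
    """A lookup against the constructed table (stand-in for a resolver)."""
    return A_RECORDS.get(hostname, [])


def fcrdns_matches(ip: str) -> tuple:
    """Return (ok, reason). ok is True only when at least one PTR hostname
    for `ip` has an A record that contains `ip` itself, i.e. the forward
    and reverse zones agree."""
    ptrs = lookup_ptr(ip)
    if not ptrs:
        return False, "no PTR for %s (%s)" % (ip, reverse_name(ip))
    for host in ptrs:
        if ip in lookup_a(host):
            return True, "%s -> %s -> %s" % (ip, host, ip)
    return False, "PTR %s for %s has no A record pointing back" % (", ".join(ptrs), ip)


def mail_from_domain(mail_from: str) -> str:
    """Extract the domain from a MAIL FROM:<user@sender.domain> argument."""
    addr = mail_from.strip().strip("<>")
    return addr.rpartition("@")[2].lower().rstrip(".")


def smtp_policy(client_ip: str, mail_from: str) -> str:
    """Apply the post's filter to one MAIL FROM: only a sender alleging a
    frequently forged domain is subjected to the PTR + A check; a mismatch
    is rejected, and every other domain is left alone by this filter."""
    domain = mail_from_domain(mail_from)
    if domain not in FREQUENTLY_FORGED:
        return "accept"
    ok, _reason = fcrdns_matches(client_ip)
    return "accept" if ok else "reject"


if __name__ == "__main__":
    for ip, sender in [("217.151.160.9", "<someone@yahoo.com>"),
                       ("192.0.2.10", "<someone@yahoo.com>"),
                       ("192.0.2.20", "<someone@example.org>")]:
        print(ip, sender, fcrdns_matches(ip)[1], "->", smtp_policy(ip, sender))
```

Note that the check compares the A answer against the connecting IP, not the hostname against the alleged MAIL FROM domain: a legitimate yahoo.com relay passes because its own PTR and A agree, while a host with no PTR, or whose PTR name resolves elsewhere, is rejected only when it claims one of the listed domains.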