NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: postfix for 2 domains on 1 vps 1 ip



Brett Lymn wrote:
> Bob Proulx wrote:
> > SPF identifies authorized IP addresses for domains in the message
> > envelope.  Therefore the reverse DNS pointer record does not matter in
> 
> I used to be postmaster for a large organisation and know for a fact that even if
> you have SPF and DKIM set up properly there are still places on the internet that
> will insist on the forward/reverse check and reject the mail if the addresses don't
> match.  I can't give specific examples, I cannot remember, but they exist so keep an
> eye out for rejected mails.

I wish you had not quoted the SPF bit when talking about forward
reverse DNS checks but had instead quoted the bit where I talked about
forward reverse DNS.  Because it leads me to believe that you think it
is somehow related to SPF checks instead.  And as far as I know the
forward reverse DNS issue is not in any way related to SPF.

> > Reverse DNS is the oldest validation that checks that a sending host
> > identifies its own FQDN, which is looked up to an IP address with
> > normal forward DNS, which is then looked up to a FQDN with reverse
> > DNS, which must match the original name.  This is done under the idea
> > that valid SMTP sites are using static IP address assignments and have
> > control of their DNS.  Since spammer sites most often did not have a
> > static IP assignment and did not have control of their DNS.  This is
> > an anti-forgery protection.  These assumptions have been called into
> > question in recent years.
> > 
> >     https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS

Right.  There are sites that will require this.  They will tend to be
the smaller sites that set something up in 2003 and are still running
the same configuration now.  Mostly running MS Windows Server 2000 or
some such platform.  It is generally not going to be a default action
for new sites.  I don't think any of the large mailbox providers
require it.

Bob


Home | Main Index | Thread Index | Old Index