On Mon, Jan 17, 2005 at 03:01:48PM -0700,
administrator(_at_)yellowhead(_dot_)com
wrote:
I tried to send this to you directly, but your server rejected it with
the following message:
Diagnostic-Code: SMTP; 450 Client host rejected: cannot find your
hostname, [69.36.102.205]
I added the IP to my whitelist. I'm going to write back shortly (off list)
I have had a few legit messages rejected by the forward-confirmed-rDNS
test. I have had to whitelist a few IPs over time, but not a lot... maybe
4 in 6 months.
The most common cause of failures is no rDNS at all, but in some rare cases
like this one, there is an rDNS and the forward lookup doesn't give back an
IP or it's not the same IP.
The reason for the forward-confirm is to prevent folks who have control
over the reverse to give misleading host names that they *don't* control.
For example, if the reverse DNS says "hotmail.com" but "hotmail.com"
doesn't have that IP, then there is no way to confirm that the IP is really
hotmail.com.
Note: It is possible to return multiple names in response to a PTR query.
If this happens, at least one of those names needs to point back to the
same IP to be forward-confirmed.
ObSPF: this check doesn't have anything to do with HELO, but I have
considered using a HELO PASS to override a rDNS failure. That would give
folks the ability to hand me a name that I *can* confirm. It might help in
cases where the mailserver admin has his own domain name but can't control
the rDNS...
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>