
List:       spamassassin-users
Subject:    Re: RDNS_NONE
From:       mouss <mouss () netoyen ! net>
Date:       2008-09-29 14:36:47
Message-ID: 48E0E7FF.7070500 () netoyen ! net

Jimmy Stewpot wrote:
> Hi There,
> 
> I have recently been getting a huge increase in the number of emails 
> which are being marked as spam. In those emails I see that the headers 
> say RDNS_NONE. 

unless you modified the score, this is irrelevant. the default is

score RDNS_NONE             0.1

which won't make a ham become spam.

> It seems that in most cases the remote servers in the 
> header do in fact reverse resolve.

an rDNS must be "confirmed" or it is ignored. it goes as this:

- take the IP. get its PTR:
$ host 140.211.11.2
2.11.211.140.in-addr.arpa domain name pointer hermes.apache.org.

- take the returned name and resolve it

$ host  hermes.apache.org
hermes.apache.org has address 140.211.11.2

so it yields the original IP. which is what we want.

if you don't do this, anyone who manages DNS for an IP block can claim 
that his IP is foo.microsoft.com or bar.paypal.com.

if an IP returns multiple PTRs, that's multiple opportunities for 
trouble. not only the double resolution must work for all the PTRs (only 
the first PTR is checked, but with round robin, any PTR may come first). 
which is enough to avoid multiple PTRs (which are useless and are not 
needed for multi-homing).


> I have checked randomly in about 30 
> messages that have been marked in this way. Am I missing the point of 
> RDNS_NONE as a rule? What is it meant to actually be doing?

it means SA couldn't determine the rDNS from MTA Received headers.
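
Added example, not part of the original message: the confirmation procedure described above (PTR lookup, then forward lookup back to the same IP), run over constructed DNS data so it works offline, including the case where a checker that looks only at the first PTR gives a different verdict depending on answer order. Every record except the hermes.apache.org pair, and all function names, are assumptions made for illustration.

```python
import ipaddress

# Constructed DNS data (no real lookups are made). Only the hermes.apache.org
# pair comes from the message; the other records are invented samples.
PTR = {
    "140.211.11.2": ["hermes.apache.org."],
    "192.0.2.10": ["foo.microsoft.com."],                     # claimed in the reverse zone only
    "192.0.2.20": ["mail.example.net.", "old.example.net."],  # multiple PTRs
}
A = {
    "hermes.apache.org.": ["140.211.11.2"],
    "foo.microsoft.com.": ["198.51.100.7"],  # forward zone does not agree with the PTR
    "mail.example.net.": ["192.0.2.20"],
    "old.example.net.": [],                  # stale PTR with no forward record
}

def confirm_ptr(ip, name, resolve_a):
    """True if resolving `name` forward yields `ip` again."""
    want = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(a) == want for a in resolve_a(name))

def fcrdns(ip, resolve_ptr=lambda i: PTR.get(i, []),
           resolve_a=lambda n: A.get(n, [])):
    """Check every PTR of `ip`; return (confirmed_names, unconfirmed_names)."""
    confirmed, unconfirmed = [], []
    for name in resolve_ptr(ip):
        bucket = confirmed if confirm_ptr(ip, name, resolve_a) else unconfirmed
        bucket.append(name)
    return confirmed, unconfirmed

def first_ptr_verdict(ip, order):
    """Verdict of a checker that confirms only the first PTR returned,
    for a given answer order (round robin may rotate the order)."""
    names = [PTR[ip][i] for i in order]
    return confirm_ptr(ip, names[0], lambda n: A.get(n, []))

if __name__ == "__main__":
    for addr in PTR:
        print(addr, fcrdns(addr))
    # Same IP, same records, different answer order, different result.
    print(first_ptr_verdict("192.0.2.20", [0, 1]),
          first_ptr_verdict("192.0.2.20", [1, 0]))
```

Passing functions that query a real resolver as `resolve_ptr` and `resolve_a` turns the same logic into a live check.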