Re: Problems with mail system? [Fwd: Returned mail: User unknown]
On Thu, Sep 07, 2000 at 05:00:39PM -0500, Joseph Carter wrote:
> On Thu, Sep 07, 2000 at 08:44:06PM +0000, Miquel van Smoorenburg wrote:
> > A server on the 'net without matching forward/reverse DNS is broken.
> > Period.
>
> Complete bullshit. Show me the RFC that says you may only have one
> DNS name attached to an IP at a time.
nobody claimed that it did. i'd accuse you of inventing straw-men
arguments just to "prove" your "point" but i don't believe you're
anywhere near smart enough to even attempt that....i'll put it down to
stupidity rather than malice.
> You can't do it because it doesn't exist. Several Debian developers
> have debian.net subdomains which do not reverse because they have no
> control over their DNS even though their IP addresses are static. My
> static IP address with @home (yes, I did convince them to give me one)
> is cc659474-a.indnpls1.in.home.com as far as they are concerned. I
> have no desire to use that hostname on my email, so I have this:
>
> tank.debian.net A 24.22.127.210
>
> This is perfectly legal practice according to every RFC I have ever
> read. It is also quite legitimate for my system to declare that it is
> tank.debian.net which does indeed resolve to a valid IP address. The
> fact people such as yourself would add the additional requirement that
> 24.22.127.210 resolve back to tank.debian.net has nothing to do with
> what the RFC's state is correct.
as usual, you don't have the faintest clue of what you are talking
about. as usual, you are getting all flustered and distressed over your
own idiotic misunderstanding of what is going on.
the fact that there is an A record for tank.debian.net pointing to the
IP address is completely and utterly irrelevant.
those sites which do reverse lookup checks for incoming connections do
one (or both) of two things:
1. check that there is a .in-addr.arpa PTR record the IP address in
question.
2. check that the .in-addr.arpa PTR record is actually correct. e.g.
if the server does a lookup on 24.22.127.210 and finds the PTR record
which says that it is "cc659474-a.indnpls1.in.home.com", then it will
immediately do a lookup on "cc659474-a.indnpls1.in.home.com" to make
sure that it has an A record pointing to 24.22.127.210. this is what TCP
Wrappers calls a "PARANOID" check.
note that tank.debian.net does not enter the picture at all. it is
irrelevant to the check under discussion. since the .in-addr.arpa PTR
record does not mention tank.debian.net at all, the server does not and
CAN NOT know or care anything about that name.
whether failure of either or both of the above checks is a valid reason
for bouncing mail is another matter entirely (and, IMO, it is not
valid).
some other sites check whether the SMTP envelope HELO/EHLO hostname
exists. some even check whether it resolves to the IP address of the
incoming connection. these have nothing to do with reverse DNS lookups,
and the question of whether they are good policy or not is debatable
(IMO the former is OK, the latter is not).
craig
--
craig sanders
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: