[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: More sorbs blacklisting [signed]

On Tue, 20 Jun 2006 09:47:39 +0200, Andreas John <aj@net-lab.net>

>> More than five is a bad week for me.  I use:
>> 1) strict DNS checks (matching forward/reverse)

>I understand that checking for the existence of a reverse mapping may be 
>a clever thing, but the reason for forward/reverse matching is not 
>obvious to me: Imagine a user who only has one public IP at his 
>"all-in-one" mail-web-server. His reverse is www.mydomain.tld to make 
>people with traceroute happy, but his mx is mx1.mydomain.tld. To get 
>through your spamfilter, the reverse has to be changed to 
>mx1.mydomain.tld - that looks not nice in the traceroute ...

I have the same limitation, my server only has one IP.  However, it's
not a problem.

Just map the two A records to the same IP, and map the reverse to the
name of the MX.

My MX name (and one A record) is jacks.isp2dial.com, and the reverse
mapping points to that.  Then I CNAME mail.isp2dial.com to the MX, for
the sake of users with their POP email client software.  Please note,
the MX is not, and should not be, CNAME to some other A record.  The
MX needs its own A record.

My second A record is isp2dial.com, and I CNAME www.isp2dial.com to
it, so the web URL works with or without the www. prefix.  It amazes
me how many web sites are unreachable without a www. prefix.

One IP, all services.  Works great.

Reply to: