Re: More sorbs blacklisting [signed]
On Tue, 20 Jun 2006 09:47:39 +0200, Andreas John <firstname.lastname@example.org>
>> More than five is a bad week for me. I use:
>> 1) strict DNS checks (matching forward/reverse)
>I understand that checking for the existence of a reverse mapping may be
>a clever thing, but the reason for forward/reverse matching is not
>obvious to me: Imagine a user who only has one public IP at his
>"all-in-one" mail-web-server. His reverse is www.mydomain.tld to make
>people with traceroute happy, but his mx is mx1.mydomain.tld. To get
>through your spamfilter, the reverse has to be changed to
>mx1.mydomain.tld - that looks not nice in the traceroute ...
I have the same limitation, my server only has one IP. However, it's
not a problem.
Just map the two A records to the same IP, and map the reverse to the
name of the MX.
My MX name (and one A record) is jacks.isp2dial.com, and the reverse
mapping points to that. Then I CNAME mail.isp2dial.com to the MX, for
the sake of users with their POP email client software. Please note,
the MX is not, and should not be, CNAME to some other A record. The
MX needs its own A record.
My second A record is isp2dial.com, and I CNAME www.isp2dial.com to
it, so the web URL works with or without the www. prefix. It amazes
me how many web sites are unreachable without a www. prefix.
One IP, all services. Works great.