Re: not accepting mail despite proper A<->PTR setup

To: debian users <debian-user@lists.debian.org>
Subject: Re: not accepting mail despite proper A<->PTR setup
From: Nathan E Norman <nnorman@incanus.net>
Date: Sat, 22 Mar 2003 13:15:48 -0600
Message-id: <[🔎] 20030322191548.GM12330@incanus.net>
Mail-followup-to: debian users <debian-user@lists.debian.org>
In-reply-to: <[🔎] 20030322155452.GA30061@diamond.madduck.net>
References: <[🔎] 20030322155452.GA30061@diamond.madduck.net>

On Sat, Mar 22, 2003 at 04:54:52PM +0100, martin f krafft wrote:
> I just got a mail delivery error from another MTA:
> 
>   <xxxxx@xxxxxxx.xx>: host xxxx xxxxxxx.xx[123.12.123.12] refused to
>   talk to me: 501-HELO requires a valid host name as operand:
>   'albatross.madduck.net' 501-connection rejected from
>   debian4.unizh.ch remote address [130.60.73.144]. 501-Reason given
>   was: 501-  No reverse DNS PTR for the remote address
>   [130.60.73.144] has a 501   hostname matching
>   'albatross.madduck.net'
> 
> 130.60.73.144 is my mailout server, which has a PTR record to
> debian4.unizh.ch, which resolves back to that IP.
> 
> since this is a virtual setup, the same IP also services
> albatross.madduck.net. in this case, the HELO name used was
> albatross.madduck.net, which the other MTA refused. is it just me,
> or is this overly paranoid, and possibly even wrong? is there
> any document that specifies that I have to have a PTR record for
> every A record? my belief is that multiple PTR records have little
> purpose. am i wrong?

Multiple PTR records do not make sense.  Every IP address should have
a PTR record; there should be a valid A record which corresponds to a
PTR record.  Additional A records are allowed.

These days testing for a valid PTR record and A record combination is
rather painful as many people seem to get this wrong.  At best it is
indicative of "clue" level at the remote end.  If you do it correctly
you can make it obvious when someone is using an IP they shouldn't be
using; for all your unassigned IPs set the PTR record to an invalid A
record (like "invalid.isp.net").

As far as I can tell, your setup works.  I'm not sure why the remote
has decided to reject your connection.  Perhaps you could configure
your MTA to send "debian4.unizh.ch" as the HELO/EHLO argument?

-- 
Nathan Norman - Incanus Networking mailto:nnorman@incanus.net
  If man asks for many laws it is only because he is sure that his
  neighbor needs them; privately he is an unphilosophical anarchist,
  and thinks laws in his own case superfluous.
          -- Will Durant

Attachment: pgpO6fyDAku1B.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: not accepting mail despite proper A<->PTR setup
  - From: martin f krafft <madduck@debian.org>

References:
- not accepting mail despite proper A<->PTR setup
  - From: martin f krafft <madduck@madduck.net>

Prev by Date: Re: When will we see alsa-modules for 2.4.20?
Next by Date: Re: X (fails to start)
Previous by thread: not accepting mail despite proper A<->PTR setup
Next by thread: Re: not accepting mail despite proper A<->PTR setup
Index(es):
- Date
- Thread