Re: Sendmail and Reverse Lookups
- From: Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx>
- Date: Tue, 22 Jul 2008 13:35:32 -0500
On 07/22/08 12:01, chris052495@xxxxxxxxx wrote:
I'm new to the group and not a sendmail user but am trying to troubleshoot an issue for a sendmail user. hmm...
Ok... This will likely make things take longer, but hey, in theory it will work. ;)
My company uses an outside vendor to send Marketing emails to our members. One of our members using Sendmail to receive the emails is stating that Sendmail is blocking the emails because it cannot properly do a reverse lookup on the domain that the emails are coming from. The reverse lookup returns the vendors mail server IP/domain but not the "from" domain. the member says that "by default" Sendmail will reject the emails if it can't properly resolve.
I guess we need to know what ""default your member is referring to. Sendmail's default (as in from www.sendmail.org) does not reject messages by default do to a lack of matching DNS. Or at least it did not in older versions. About the only thing that is currently even remotely safe to reject on is the lack of a pointer record. So if a record does exist, it does not matter that much what it points to.
That being said, some vendors may build a "vendor default" config file that is much more stringent that requires more things. For example, a vendor default config may require reverse DNS for the connecting IP to match forward DNS for the fqdn returned by reverse DNS. Further some people require the HELO/EHLO name to match the fqdn. These tests are much less safe as there are still quite a few mail servers out there that do not even come remotely close to meeting these standards. (That being said it is a very good idea to implement new sending servers so that they would pass these types of tests.)
By default neither the (forward and / or reverse) DNS names of the system or the HELO/EHLO name have any baring on the envelope sender. I.e. I could set up a server that claims to be example.com while it is sending email for test.net with out a problem. This is also very common for servers that host email for many domains. The only thing that even remotely comes in to play with the envelope sender is something like SPF and / or Domain Keys and the likes that are used for the purported domain of the envelope sender to publicly say where email from that domain will come from.
Finally we get in the the message sender, or the From: header in the actual message. About the only thing that even reads this is some spam filters (usually ones that decide spam verses ham based on points for the number of and score of tests that were failed) and the email client.
Just about everything SMTP related is done based on connecting IP, fqdn there of, the HELO/EHLO name, and envelope sender, and of course envelope recipient to decide if relaying is taking place.
My company does not own the IP block so I can't add a PTR record and the vendor is making the case difficult, insisting that if they have their ISP add the record it could cause other issues with their clients.
Depending on what is going on, and as long as there is a pointer that resolves to the FQDN of the system which in turn resolves to (at least) the IP in question I think DNS is fine. You could possibly question what name is being used in the HELO/EHLO but other than that, things are likely fine.
Given that dns and FQDN are correct and matching, it could indeed cause more harm than good to add additional pointer records for the IP. Aside from the fact that there should only be one pointer record per IP you also introduce the possibility that the wrong pointer record will be used (by something that only handles one pointer record) and thus thinking that an IP references the wrong name.
I suppose what I'm really trying learn...is will Sendmail block "by default" an email if it can't perform a true reverse lookup?
Again, Sendmail from www.sendmail.org will not. I wonder if the vendor's default has been tweaked.
Thanks A Lot.
Grant. . . .
- Sendmail and Reverse Lookups
- From: chris052495
- Sendmail and Reverse Lookups
- Prev by Date: Re: regarding a spot of trouble sending mail
- Next by Date: Re: Protecting local aliases bug
- Previous by thread: Sendmail and Reverse Lookups
- Next by thread: Setting up sendmail on Solaris 10