fcrdns questions - Page 1

William

Asked: 2021-07-16 08:35:03 +0800 CST

iprev check for multiple ipv6 addresses

0

Can I add multiple PTR records mapping multiple IPV6 addresses to the same domain, and add multiple AAAA records mapping the same domain to to the same set of IPV6 addresses, to let pass the iprev check?

allo

Asked: 2016-09-20 22:01:50 +0800 CST

Does FCRDNS need the RDNS to be the same hostname than the first forward query?

0

Does forward confirmed reverse dns (fcrdns) only lookup ip to hostname and then hostname to ip or does it compare to the first hostname as well (especially in spam filtering)?

Let's say i have these records:

A reverse.somedomain: 127.0.0.1
A mail.somedomain: 127.0.0.1
A mail.mailserverdomain: 127.0.0.1
PTR 127.0.0.1: reverse.somedomain

A MTA tries to verify the RDNS of the host and resolves mail.mailserverdomain to 127.0.0.1, then reverse 127.0.0.1 to reverse.somedomain, and then forward reverse.somedomain to 127.0.0.1. Will this be a valid FCRDNS or does the PTR record need to point to the name given in the HELO command (how the mailserver identifies itself)?

The question boils down to the question, if FCRNDS uses two or three queries, so the sequence is either:

Got HELO mail.senderdomain
Resolve mail.senderdomain to the IP.
Resolve connecting IP to hostname.senderdomain

FAIL: hostname.senderdomain != mail.senderdomain

or

Got HELO mail.senderdomain
Resolve mail.senderdomain to the IP
Resolve IP to hostname.senderdomain
Resolve hostname.senderdomain to the same IP

SUCCESS: hostname.senderdomain matches the connecting ip and vice versa.

As a useful check needs to confirm the HELO hostname against the ip (else my mailserver could claim in HELO to be google), there will be a forward lookup, which is compared against the connecting ip. Then the next step is the reverse lookup, giving a hostname of the connecting ip. Now the shorter sequence would compare the hostnames, while the longer does another forward lookup and compares the ips.

If the first sequence is used, this would mean, that using functional hostnames like mail.domain in the mailserver configuration while using hostnames which identify a host in the rDNS like server123.domain would get your message flagged as possible spam.

allo

Asked: 2016-09-20 21:33:16 +0800 CST

Which DNS name is checked for TLS on a mailserver?

0

Let's say i have these records:

A mail.somedomain: 127.0.0.1
A mail.mailserverdomain: 127.0.0.1
MX somedomain: mail.somedomain

A MTA connects mail.somedomain for delivering mail to somedomain and gets a certificate for mail.mailserverdomain presented, and the MTA presents its hostname as mail.mailserverdomain in HELO.

Is this a valid TLS session or would this mean a certificate for a wrong hostname (expecting somedomain or reverse.somedomain)?

iprev check for multiple ipv6 addresses

Does FCRDNS need the RDNS to be the same hostname than the first forward query?

Which DNS name is checked for TLS on a mailserver?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Questions[fcrdns](server)