Bloody useless network admins.

There are so many badly configured DNS and mail servers out there!! Recently I installed and configured Postfix on this server and set it as the main mail exchanger (MX). In an effort to combat the amount of spam I receive I’ve made the default restrictions fairly harsh but not, I think, irrationally so. Yet many legitimate mail sources are getting bounced due to their hosting ISP’s complete and utter incompetence when it comes to DNS.

The main issue is usually inaccurate PTR to A RR lookups. I.e., a host with an IP 1.2.3.4 has a PTR record that resolves to ip-1-2-3-4.example.com but when you look up the A record for ip-1-2-3-4.example.com you get NXDOMAIN. FECK! That is so completely broken! Postfix, of course, rightly assumes that this could be a DNS spoofing attack and temporarily rejects (SMTP response 450) the mail as coming from an “unknown host”.

Another right doozy is when mail servers say “HELO im.this.host.com” when im.this.host.com doesn’t resolve because it’s an internal (to the sending network) host name. Or better yet say “HELO smtp.example.com” yet their IP resolves to something completely different.
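For admins who want to check their own outbound server against the PTR/A and HELO faults described above, here is a small audit sketch. It is an added example, not part of the original post: the function names and the sample records (documentation addresses) are constructed for illustration, and passing `live_ptr`/`live_a` instead of the table lookups queries real DNS.

```python
import ipaddress
import socket

# Constructed sample records (RFC 5737 documentation addresses), not real DNS data.
PTR = {"192.0.2.10": "mail.example.com", "192.0.2.20": "ip-192-0-2-20.example.net"}
A = {"mail.example.com": ["192.0.2.10"], "smtp.example.org": ["198.51.100.5"]}

def table_ptr(ip):
    return PTR.get(ip)               # None models "no PTR" / NXDOMAIN

def table_a(name):
    return A.get(name.lower(), [])   # empty list models NXDOMAIN

def live_ptr(ip):
    """Reverse lookup against the system resolver."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def live_a(name):
    """Forward lookup against the system resolver."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def audit(ip, helo, ptr=table_ptr, a=table_a):
    """List the DNS faults a strict receiving MX would see for this client."""
    want = ipaddress.ip_address(ip)
    addrs = lambda name: {ipaddress.ip_address(x) for x in a(name)}
    faults = []
    # 1. Reverse lookup, then confirm the name maps forward to the same IP.
    name = ptr(ip)
    if name is None:
        faults.append("no PTR record for client IP")
    elif want not in addrs(name):
        faults.append(f"PTR {name} does not resolve back to {ip}")
    # 2. The HELO name must resolve, and should point at the connecting IP.
    helo_addrs = addrs(helo)
    if not helo_addrs:
        faults.append(f"HELO name {helo} does not resolve")
    elif want not in helo_addrs:
        faults.append(f"HELO name {helo} resolves elsewhere, not to {ip}")
    return faults

if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.com"),
                     ("192.0.2.20", "im.this.host.com")]:
        print(ip, helo, audit(ip, helo) or "clean")
```

An empty list means the PTR, A and HELO names all agree; each string in a non-empty list names one record to fix.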

A prayer to all network admins: “Fix your fucking DNS!!!”.

Some tools to help you:
