Reverse DNS

There will always be opinions, both good and bad on how MagicSpam protection, rules and policies are used, and what the defaults should be. Different environments may have different needs. We try to find the perfect balance, and that is not always easy. Just remember that we have to satisfy millions of users.. not just one person.

Moderators: wizard, magicspam

Post Reply
mattcrane
Posts: 11
Joined: Wed Nov 05, 2008 5:48 pm

Reverse DNS

Post by mattcrane » Fri Nov 21, 2008 8:25 am

Hi There

Reverse DNS checks generally seem to fail, even though if i check the ip on a couple of other checkers, it successfully reverses back.

any ideas

Thanks

magicspam
Posts: 1087
Joined: Tue Oct 28, 2008 2:27 pm

Re: Reverse DNS

Post by magicspam » Fri Nov 21, 2008 2:21 pm

What do you mean when you say they "seem to fail"? Is there a certain IP address which is having trouble? Could you provide the IP address? Also, it could be that the DNS was recently changed for the IP address, and the changes have not propagated to the DNS server which your server is using.

Thanks.
-- MagicSpam Support Team --

ubellotti
Posts: 2
Joined: Fri Nov 13, 2009 5:41 pm

Re: Reverse DNS

Post by ubellotti » Fri Nov 13, 2009 5:49 pm

We are an ISP. Our problem is that besides the current best practices we need absolutely th SPF control on the sender domain, so that if a server is declared as legitimate to relay for that domain no other checks must be performed and the host granted to relay.

magicspam
Posts: 1087
Joined: Tue Oct 28, 2008 2:27 pm

Re: Reverse DNS

Post by magicspam » Mon Nov 16, 2009 10:02 am

We do not (yet) have SPF support built in to MagicSpam though this is on our future release feature board. It should be noted that this is primarily due to the various methods that email servers handle SPF.

For example - if one configures SPF checks in Postfix, then the policy can be configured as an 'authorized' check which actually takes place before MagicSpam can check anything. There are similar configurations for Qmail as well.

This being said, we do hope to have SPF support available early next year.
-- MagicSpam Support Team --

ubellotti
Posts: 2
Joined: Fri Nov 13, 2009 5:41 pm

Re: Reverse DNS

Post by ubellotti » Mon Nov 16, 2009 12:37 pm

Thank you for the prompt replay. I have enabled SPF check on Plesk. How can I however configure the mailserver so that SPF check comes first with respect to MagicSpam, or, in other words, that SPF is negatively decisive for spam attribute? Thank you again

magicspam
Posts: 1087
Joined: Tue Oct 28, 2008 2:27 pm

Re: Reverse DNS

Post by magicspam » Mon Nov 16, 2009 1:32 pm

This may depend on your version of Plesk...

This being said, we are not certain at this time at which layer Plesk handles SPF checks - if it is handling this in the Queue layer then the simple answer is 'you can't since MagicSpam operates before Queuing can take place (NOTE: this is to ensure your server does not generate backscatter).

We are aware of methods in standard Postfix to make this happen, which may be transferable to Plesk 9.x with Postfix set as the MTA, but we can't guarantee it as active development for SPF support in MagicSpam has not yet begun.

You may wish to direct your query to the Parallels forums to find out at what level in their various versions of Plesk Panel the SPF checks take place. Just so you are aware, MagicSpam checks take place within the SMTP layer immediately after the RCPT TO: command.

On a side note - it appears that the SPF configuration for Plesk Panel is primarily for 'deny' behavior - not permit...
-- MagicSpam Support Team --

magicspam
Posts: 1087
Joined: Tue Oct 28, 2008 2:27 pm

Re: Reverse DNS

Post by magicspam » Mon Mar 14, 2011 10:24 am

Is this particular case you are reporting also related to SPF records not being honored?

We should point out that the check_dynamic_reverse_dns rule is agnostic of that aspect - this IP address shows a PTR record that falls within the 'dynamic' style pattern normally associated with non server addresses - it is not a case of forward to reverse matching, but a case of Best Practice standards whereby a public server IP should have a proper FQDN indicative of the host and service - such as:

mail.telstra.net

or similar.

Post Reply

Return to “Discussions on Spam Protection Policies and Default Rules”

Who is online

Users browsing this forum: No registered users and 4 guests