Portal Home > Knowledgebase > Articles Database > Enforcing PTR checks on mail servers
Enforcing PTR checks on mail servers
| Posted by NexDog, 12-18-2008, 12:01 AM |
| Enforcing PTR checks on mail servers
Greetings WHTers.
For mail server admins, do you enforce PTR (reverse dns checks) on incoming mail? All hosts know to have rDNS set on their mail IPs to ensure free-flowing outbound mail but do you also enforce the check on inbound.
And does anyone know of somewhere that shows stats on the state of net and what perecentage use PTR checks etc?
__________________
⢠Laurence Flynn â In our EIGTH year of great hosting!
⢠HostNexus - #1 Web Hosting Provider - now with VPS!
⢠Plesk Hosting Solutions brought to you by HostNexus - since 2001.
⢠It's the all NEW HostNexus - Check it out! -
|
| Posted by Jonathan Kinney, 12-18-2008, 01:20 PM |
| The most resolution checking that I see by default on servers is normal forward DNS checking, as in does this host name you claim to be from actually exist. PTR checking would be nice to have as a default for mail servers, but I do not see that very often.
__________________
Jonathan Kinney
Data Systems Specialist
Advantagecom Networks, Inc.http://www.simplywebhosting.com
|
| Posted by Eric - Zoidial, 12-18-2008, 02:07 PM |
| Enforcing PTR checking is not something I do by default on incoming mail since it seems there are enough legitimate hosts that don't have proper name resolution (or at least, I've seen a few occurrences that stopped me from turning such a feature on). Also a DNS hiccup would result in refused mail in such a case - although DNS issues would result in far worse problems as well. I do let spamassassin add a score to these, however (albeit very small).
|
| Posted by Blesta-Paul, 12-18-2008, 03:05 PM |
| Pretty much all the big guys verify the existence of PTR records. Anyone that expects their email to make it to the destination should have a PTR record. We require them on our network and it does mitigate some spam.
__________________â Blesta - Professional Billing Softwareâ We are about creating good experiencesâ Trial - Demo | Toll Free: 1-866-478-7567
|
| Posted by Steven, 12-18-2008, 04:20 PM |
| Laurence,
I used to enforce PTR checks, but sadly... with the knowledge that it needs to be done. There is many isps which have poor PTR configurations. Mine included (sbc yahoo) which results in lost mail. I just stick with a nice spam assassin configuration these days.
__________________Steven CiaburriSystem Administration ExtraordinaireCompetent Linux Server Management from Rack911
|
| Posted by NexDog, 12-18-2008, 09:25 PM |
| We don't enforce it on Linux but have been on a few Windows servers. A few clients have been upset though. We all know to have rDNS setup on our IPs but it's funny that not many actually enforce the check on their incoming mail.
__________________
⢠Laurence Flynn â In our EIGTH year of great hosting!
⢠HostNexus - #1 Web Hosting Provider - now with VPS!
⢠Plesk Hosting Solutions brought to you by HostNexus - since 2001.
⢠It's the all NEW HostNexus - Check it out! -
|
| Posted by WeWatch, 12-19-2008, 11:08 AM |
| We used it on our security appliance (The Box) and it worked great at blocking all SPAM. However, the false positives due to not enough people (email admins) knowing how important it is, was over the top and we had to disable it and find other methods for identifying SPAM.
Members in the SpamAssassin group agree that blocking email based on missing PTR does produce too many false positives.
__________________
Thomas J. Raef
WeWatchYourWebsite - so you don't have to!Report: How Cybercriminals Use Your Website to Deliver Their Malware
|
Add to Favourites 
Print this Article
Also Read
.htaccess (Views: 768)
Shared Hosting
Shared Hosting
