[ExchangeList] Re: IMF config

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 2 Jun 2006 11:33:48 -0700

http://www.msexchange.org
-------------------------------------------------------

Agreed - the wording isn't as clear as it might be - I also thought of this as 
a blocking mechanism until I tried to use it. 


-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx 
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Periyasamy, Raj
Sent: Friday, June 02, 2006 10:35
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config

http://www.msexchange.org
-------------------------------------------------------Jim,
You are right. I corrected myself after looking up the link,  
http://support.microsoft.com/kb/297412/en-us

Since the wording is ambiguous in the SMTP properties page, many think it is 
similar to the feature available in spam filters and gateway virus scanners.


HTH.
Regards,
Raj Periyasamy
MCSE(Messaging), CCNA



-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Friday, June 02, 2006 11:58 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config

http://www.msexchange.org
-------------------------------------------------------

That's incorrect.
The Exch RDNS feature uses the actual source IP address of the current TCP 
connection to initiate a RDNS lookup and merely notes "RNDS Failed"
in the message headers if this lookup fails to match the sending host's domain. 
 The incoming message header is not examined at all in the context of RDNS.

The critical point is that unless:
1. you're the IP netblock owner
or
2. your ISP provides PTR services

..your correct PTR record won't exist for anyone but hosts that use your DNS 
server for all lookups and RDNS will fail.

You can use
http://www.dnsreport.com/tools/dnsreport.ch?domain=<insertyourdomainhere
> to validate this process.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Periyasamy, Raj
Sent: Friday, June 02, 2006 08:44
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config

http://www.msexchange.org
-------------------------------------------------------Reverse lookup compares 
the stamped IP address in the message header versus the resolved IP address 
using the PTR record. If the sender forged the domain name it fails.


HTH.
Regards,
Raj Periyasamy
MCSE(Messaging), CCNA



-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Friday, June 02, 2006 11:39 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config

http://www.msexchange.org
-------------------------------------------------------Unfortunately,
that analogy is flawed.
RDNS isn't "validating the origin"; it's "validating the PTR records in the 
netblock owner's DNS server" and nothing else.  There are quite a few folks 
that can't get a valid PTR record built because their ISP doesn't provide such 
a simple service.
The closest thing to your analogy is an SPF TXT record.  This uses the DNS 
associated with the sending mail domain to determine the validity of the 
sending host.

Also keep in mind that unless you're the netblock owner (<giggle> as if any SBS 
deployment could be), you can build PTR records in your public DNS all day long 
and not affect remote PTR lookups in any way whatsoever.

The only functional way to work around this is via smarthost that actually does 
have a valid PTR record.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Taylor, George
Sent: Friday, June 02, 2006 08:05
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config

Hmmm, should I dance around like a god?  or do they even dance?  :-)
 
I have to disagree with you John.  It is standard practice to require a valid 
RDNS lookup in order to except a piece of mail.  Basically all you are doing is 
verifying that the sender is in fact who they say they are, or should I say the 
server connecting to your server is who it is advertising itself as.  As you 
say, take a look at the real world:
 
A guy walks into your mailroom wearing a purple shirt with a unibomber emblem 
and says "Take this package, it's from UPS..."  What's your mail clerk going to 
say?  "I'll take it because I don't care who you are, I just take all packages 
addressed to me..."?  I hope not, that's how things get blown up, that's how 
your email system will get blown up with viruses, spam, threats, etc...  If you 
cannot verify the origin of a piece of mail and you except it anyways, you put 
yourself at risk, a conscience email administrator is not going to allow that.
 
 
Just my .02
 
George Taylor
Systems Programmer
Regional Health Inc.
 

________________________________

From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Thursday, June 01, 2006 5:07 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config



Andrew, please tell me you are not actually considering doing this.

 

Yes, the big want-to-be Internet God's such as America Off Line block/refuse on 
no PTR, but that is not practical in the real world as the rest of us know it. 
Besides, I think America Off Line is just trying to get on Dan Quails' good 
side, if he has one.

 

John T

eServices For You

 

"Seek, and ye shall find!"

 

-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
Sent: Thursday, June 01, 2006 4:05 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: IMF config

 

Is there anyway to get IMF to drop emails that fail reverse lookup?

 

Thanks

Andrew

 


All mail to and from this domain is GFI-scanned.

-------------------------------------------------------
List Archives: //www.freelists.org/archives/exchangelist/
MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp
MSExchange Articles and Tutorials:
http://www.msexchange.org/articles_tutorials/
MSExchange Blogs: http://blogs.msexchange.org/
-------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
-------------------------------------------------------
To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp
Report abuse to listadmin@xxxxxxxxxxxxxx 

-------------------------------------------------------
List Archives: //www.freelists.org/archives/exchangelist/
MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp
MSExchange Articles and Tutorials: http://www.msexchange.org/articles_tutorials/
MSExchange Blogs: http://blogs.msexchange.org/
-------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
-------------------------------------------------------
To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp
Report abuse to listadmin@xxxxxxxxxxxxxx 


All mail to and from this domain is GFI-scanned.

-------------------------------------------------------
List Archives: //www.freelists.org/archives/exchangelist/
MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp
MSExchange Articles and Tutorials: http://www.msexchange.org/articles_tutorials/
MSExchange Blogs: http://blogs.msexchange.org/
-------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
-------------------------------------------------------
To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts: