
"Domains" and "FROM Emails" BlackLists (differences?)

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=1501
Printed Date: 26 December 2024 at 7:25pm


Topic: "Domains" and "FROM Emails" BlackLists (differences?)
Posted By: Guests
Subject: "Domains" and "FROM Emails" BlackLists (differences?)
Date Posted: 28 July 2003 at 1:52am

Hi,

I don't exactly understand against which information the two lists (Domains and FROM Emails) are compared!!

I put the same information in both.

I understand the two are compared against the SMTP From!

Is there a way to test the reverse DNS-name?

Thank you!

Gaby




Replies:
Posted By: Guests
Date Posted: 28 July 2003 at 2:47am

Hi,

I'll answer myself!

I re-read the "How it works" and I understand but my question remains!

Is there a way to test the reverse DNS-name? easier than IP classes (I think so)?

Thanks,

Gaby



Posted By: Guests
Date Posted: 28 July 2003 at 9:35am

> Is there a way to test the reverse DNS-name?

Manually:

Take the message header, and find the from address. In my case, it would be xxx@mtprint.com.

Shell out to DOS and type (without the dashes):

- nslookup
(for those not familiar with TCP/IP, this is name server lookup)
- set type=mx
(only show me mail server records)
- mtprint.com
(show me the domain mtprint.com -- this can be any domain you'd like to see)

You should see something like:
mtprint.com   MX  preference = 10, mail exchange = mail.mtprint.com
mail.mtprint.com    internet address = 209.183.146.39

Now, check the header of the message. If the message from me originated from 209.183.146.39, then you have a proper rDNS.

Anyone have a quicker way of doing this?

- Al



Posted By: Guests
Date Posted: 28 July 2003 at 11:36am

Just realized that this might not always be the case.

For example, you could have a client that has an email address of ???@mtprint.com, but the mail comes from their ISP. So, you could receive the message from their ISP's mail server ???@uunet.net (or whomever). You'd have to do the rDNS on the mail server address, not the client email address.

Did I confuse things?

- Al

 



Posted By: Guests
Date Posted: 28 July 2003 at 4:32pm

I think you are right!

I'm waiting for a blacklist of hostnames (with RegEx) because I think the server name is more "stable" than the "From" that is often forged!

Thanks,

Gaby

 



Posted By: Desperado
Date Posted: 28 July 2003 at 8:52pm

RDNS actually only refers to resolution on the IP address that the email arrived on. This does not have to be in any way related to the actual MX record. It may, in fact, be the WAN IP of the router it came from. The only requirement is that it actually resolves. If it does resolve, then someone or some organization is taking responsibility for the identification and use of that IP. The actual test for RDNS is to take the IP of the machine that LAST touched your mail server, or actually made the connection, and use that IP to see if there is a valid "PTR" record. In DOS, if you have "nslookup" you do the following:

> nslookup  <enter>

> set type=ptr  <enter>

> xx.xx.xx.xx  <enter>  (The ip to check)

The result will be a timeout if the dns server doesn't respond or doesn't exist or will give you a fully qualified domain name if it has valid RDNS.

Dan S.
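
The PTR check described in the post above, combined with the regex hostname blacklist asked for earlier in the thread, as an added example that is not part of the original posts and not LogSat's code. The function names, the blacklist patterns and the sample PTR table are all hypothetical and constructed for illustration.

```python
import ipaddress
import re
import socket

# Hypothetical hostname blacklist patterns (constructed, not from the product).
HOSTNAME_BLACKLIST = [r"(^|\.)dialup\.", r"\.spam-example\.invalid$"]


def ptr_query_name(ip):
    """Name that nslookup queries after 'set type=ptr' for this IP."""
    return ipaddress.ip_address(ip).reverse_pointer


def system_ptr_lookup(ip):
    """Resolve the PTR record with the system resolver; None if it fails."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror, socket.gaierror and timeouts
        return None


def check_connecting_ip(ip, lookup=system_ptr_lookup,
                        blacklist=HOSTNAME_BLACKLIST):
    """Classify the IP that made the SMTP connection (not the From address).

    Returns (verdict, hostname); verdict is 'no-rdns', 'blacklisted' or 'ok'.
    """
    ipaddress.ip_address(ip)  # raises ValueError on malformed input
    hostname = lookup(ip)
    if not hostname:
        return ("no-rdns", None)
    hostname = hostname.rstrip(".").lower()  # normalise FQDN before matching
    for pattern in blacklist:
        if re.search(pattern, hostname):
            return ("blacklisted", hostname)
    return ("ok", hostname)


# Constructed PTR table standing in for DNS so the example runs offline.
SAMPLE_PTR = {
    "192.0.2.10": "mail.example.com.",
    "192.0.2.77": "ppp-77.dialup.example.net.",
}


def sample_lookup(ip):
    return SAMPLE_PTR.get(ip)


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.77", "192.0.2.200"):
        print(ip, ptr_query_name(ip), check_connecting_ip(ip, sample_lookup))
```

Calling `check_connecting_ip(ip)` without the `lookup` argument uses the system resolver instead of the sample table.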

 



