mx record ?

Kevin Darcy kcd at daimlerchrysler.com
Wed Sep 15 00:06:38 UTC 2004


Stephen Reese wrote:

>When receiving mail from a source such as paypal I've noticed the following:
>
>Received: from smtp1.nix.paypal.com (smtp1.nix.paypal.com
>[::ffff:64.4.240.74])
>  by prcdigital.com with esmtp; Mon, 13 Sep 2004 20:37:10 -0400
>
>but when someone receives an email from us:
>
>Received: from prcdigital.com (mail.prcdigital.com [::ffff:66.35.133.90])
>     (TLS: TLSv1/SSLv3,168bits,DES-CBC3-SHA)
>     by ns.neocipher.net with esmtp; Tue, 14 Sep 2004 16:01:46 -0400
>
>or
>
>Received: from mail.prcdigital.com (localhost [::ffff:127.0.0.1])
>     by prcdigital.com with esmtp; Tue, 14 Sep 2004 16:58:15 -0400
>
>The only difference is one was sent out using outlook and the other using
>webmail. The issue that is really bothering me is the ns.neocipher.net and
>then in the second one the localhost part. Am I even correct that this is
>a dns issue?
>
No, it's almost certainly not a DNS issue. Part of your mail 
infrastructure appears to be configured to forward mail messages over 
the loopback connection while at the same time claiming to be 
"mail.prcdigital.com". The Received: header shows both the claimed name 
and the actual client source (loopback, i.e. 127.0.0.1) of that 
particular mail hop, as an aid to spoof detection. The extent of DNS's 
involvement here would be the *reverse* (address to name) mapping of 
127.0.0.1 to "localhost" (although, depending on what OS you use, and/or 
how it is configured, the loopback address may have been translated into 
the name "localhost" without being looked up in DNS at all). None of the 
*forward* (name to address) mappings in the prcdigital.com zone that you 
showed in your original message should have had any bearing on any of this.

                                                                         
- Kevin
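
Added example, not part of the original post: a small Python parser that splits each Received: header quoted in this thread into the name the client claimed, the name the receiving server recorded for the source address, and the source address itself, then flags loopback hops and claimed/recorded name differences. The regular expression assumes the `from <claimed> (<name> [<ip>]) ... by <host>` layout seen in these three headers; the function and field names are illustrative.

```python
import ipaddress
import re

# The three Received: headers quoted in the thread, unfolded to one line each.
SAMPLE_HEADERS = [
    "Received: from smtp1.nix.paypal.com (smtp1.nix.paypal.com [::ffff:64.4.240.74]) by prcdigital.com with esmtp; Mon, 13 Sep 2004 20:37:10 -0400",
    "Received: from prcdigital.com (mail.prcdigital.com [::ffff:66.35.133.90]) (TLS: TLSv1/SSLv3,168bits,DES-CBC3-SHA) by ns.neocipher.net with esmtp; Tue, 14 Sep 2004 16:01:46 -0400",
    "Received: from mail.prcdigital.com (localhost [::ffff:127.0.0.1]) by prcdigital.com with esmtp; Tue, 14 Sep 2004 16:58:15 -0400",
]

# Assumed layout: from <claimed> (<recorded name> [<source ip>]) ... by <receiver>
HOP_RE = re.compile(
    r"^Received:\s+from\s+(?P<claimed>\S+)\s+"
    r"\((?P<resolved>[^\s\[\]]+)?\s*\[(?P<ip>[0-9A-Fa-f:.]+)\]\)"
    r".*?\sby\s+(?P<by>\S+)"
)

def parse_hop(header):
    """Return the claimed name, recorded name and source IP of one mail hop."""
    # Collapse folded continuation lines so the header is a single line.
    m = HOP_RE.search(" ".join(header.split()))
    if m is None:
        return None
    ip = ipaddress.ip_address(m.group("ip"))
    # These headers log IPv4 peers as IPv4-mapped IPv6 (::ffff:a.b.c.d).
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    claimed = m.group("claimed").lower()
    resolved = (m.group("resolved") or "").lower()
    return {
        "claimed": claimed,      # name the sending side announced
        "resolved": resolved,    # name the receiver recorded for the address
        "ip": str(ip),           # actual source of the connection
        "by": m.group("by").lower(),
        "loopback": ip.is_loopback,
        # A difference is a prompt to look closer, not proof of spoofing.
        "name_mismatch": claimed != resolved,
    }

if __name__ == "__main__":
    for hop in map(parse_hop, SAMPLE_HEADERS):
        print(hop)
```

On the third header this reports a loopback source with the claimed name mail.prcdigital.com, which is the hop the reply above identifies as local forwarding rather than a DNS fault.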



