Name based hosts and bind

Barry Margolin barmar at alum.mit.edu
Thu Apr 24 03:08:20 UTC 2008


In article <fuoso2$30ht$1 at sf1.isc.org>,
 "Bob Hoffman" <bob at bobhoffman.com> wrote:

> > Name-based web hosting doesn't use PTR.  It gets the name 
> > from the HTTP "Host:" request-header, which comes from the 
> > URL that was given to the browser.
> 
> Except I was talking about the mx records and how another mail server will
> want to look up who sent it. And they do look at PTR records and do not care
> if the site it came from is namebased or not, they want the ptr record.

I'm not sure what you're talking about.  MX records are used for SENDING 
mail, and have nothing to do with receiving mail.

> 
> 
> > 
> > In mail, the "Received:" header will typically look something like:
> > 
> > Received: from <HELO name> (<ip addr> [<PTR name>]) ...
> > 
> > I've heard of systems that will reject mail if the <HELO 
> > name> is not the same as the <PTR name>, but this is usually 
> > a bad idea.  It causes problems on multi-homed hosts, because 
> > they don't usually tailor their HELO name to the source IP of 
> > the SMTP connection.  The more acceptable check is that there 
> > IS a PTR record, and perhaps that <PTR name> resolves to <ip 
> > addr> (i.e. forward and reverse consistency).
> 
> And if I read you right, that is the area of my question. I have not set up
> sendmail enough yet to really use it or a name based site yet, but from what
> I hear they do reject if the mail was sent from mail.2ndsite.com (a name
> based) and the ptr says 1st.site.com (ip based on same ip as name based.)
> This is conjecture and I cannot prove it, but I know aol is a pretty fussy
> group.

Your use of the phrase "name based site" is really confusing me.  The 
only type of "name based site" I know of is virtual web hosting, as I 
described above.

You're correct that AOL is *very* stringent.  If you want to be as safe 
as possible, make sure the following are all true:

1. The IP your outgoing mail comes from has a PTR record pointing to 
<PTR name>.

2. <PTR name> has an A record containing that same IP.

3. The mailserver's <HELO name> is the same as <PTR name>.

You can have additional A records that point to that IP; they will never 
be noticed because the verification process starts with the IP.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
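
Added example, not part of the original message: a Python sketch of the three conditions listed above, evaluated starting from the connecting IP the way a receiving mail server would. The function names, the injectable lookup parameters, and the sample zone data (documentation addresses and .example names) are assumptions constructed for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] if there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name] + aliases

def system_a(name):
    """Addresses that name resolves to ([] if it does not resolve)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return sorted({info[4][0].split("%")[0] for info in infos})

def norm(name):
    return name.rstrip(".").lower()

def check_sender(ip, helo, ptr_lookup=system_ptr, a_lookup=system_a):
    """Evaluate conditions 1-3 from the message for one SMTP client."""
    target = ipaddress.ip_address(ip)
    ptr_names = [norm(n) for n in ptr_lookup(ip)]
    confirmed = any(ipaddress.ip_address(a) == target
                    for n in ptr_names for a in a_lookup(n))
    return {"has_ptr": bool(ptr_names),                   # condition 1
            "forward_confirmed": confirmed,               # condition 2
            "helo_matches_ptr": norm(helo) in ptr_names}  # condition 3

# Constructed sample zone data (documentation addresses and names).
SAMPLE_PTR = {"192.0.2.25": ["first.example."],
              "192.0.2.26": ["orphan.example."]}
SAMPLE_A = {"first.example": ["192.0.2.25"],
            "mail.second.example": ["192.0.2.25"],   # extra A record, same IP
            "orphan.example": ["192.0.2.99"]}        # forward does not match

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_a(name):
    return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    for ip, helo in [("192.0.2.25", "first.example"),
                     ("192.0.2.25", "mail.second.example"),
                     ("192.0.2.26", "orphan.example"),
                     ("192.0.2.27", "first.example")]:
        print(ip, helo, check_sender(ip, helo, sample_ptr, sample_a))
```

Calling check_sender(ip, helo) without the last two arguments uses the system resolver instead of the sample data.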

