[Info-vax] Decuserve.org - Anyone know why it's down?

Bill Gunshannon bill at server3.cs.scranton.edu
Mon Jan 5 14:44:00 EST 2015


In article <00AF0C71.35A9A1A4 at sendspamhere.org>,
	VAXman-  @SendSpamHere.ORG writes:
> In article <ch01i5F5rgqU1 at mid.individual.net>, bill at server3.cs.scranton.edu (Bill Gunshannon) writes:
>>In article <00AF0C69.FA2DB1D5 at sendspamhere.org>,
>>	VAXman-  @SendSpamHere.ORG writes:
>>> In article <cgvsc6F3j6iU5 at mid.individual.net>, bill at server3.cs.scranton.edu (Bill Gunshannon) writes:
>>>>In article <m8a72d$sl0$1 at dont-email.me>,
>>>>	Stephen Hoffman <seaohveh at hoffmanlabs.invalid> writes:
>>>>> On 2015-01-04 01:17:20 +0000, Simon Clubley said:
>>>>> 
>>>>>> On 2015-01-03, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>>>>>>> 
>>>>>>> FWIW, the decuserve.org DNS resolution has been re-targeted.  The 
>>>>>>> domain is now resolving to a different, Boston-area IP address.
>>>>>>> 
>>>>>> 
>>>>>> What IP address are you seeing and what do you think the last IP address was ?
>>>>> 
>>>>> I reversed it back to an IP address that indicated it was a Verizon 
>>>>> FiOS static, which AFAIK / AFAICR is new.   IIRC, the old address 
>>>>> didn't reverse back to FiOS.  If not, "nevermind".
>>>> 
>>>>I hope that's going to change as it will definitely affect who the users
>>>>can send email to.
>>> 
>>> Why do you say that?
>> 
>>Many (one would hope most, if not all) proper MTAs will look at the entry
>>in the HELO (or EHLO) command in SMTP and attempt to match it to the DNS PTR
>>value.  If they don't match it is assumed the contacting MTA is spoofing
>>and will be rejected.
> 
> Again, why?  If FioS provides a static IP, then there should also be some
> way to provide DNS lookups for that static IP.  What good would static IP
> be without it??? 
> 

Sigh....


server1# nslookup

> set q=A

> decuserve.org

Non-authoritative answer:
Name:   decuserve.org
Address: 96.252.127.67



> set q=PTR

> 67.127.252.96.in-addr.arpa.

Non-authoritative answer:
67.127.252.96.in-addr.arpa      name = static-96-252-127-67.bstnma.fios.verizon.net.

Authoritative answers can be found from:
127.252.96.in-addr.arpa nameserver = ns7.verizon.net.
127.252.96.in-addr.arpa nameserver = ns5.verizon.net.
127.252.96.in-addr.arpa nameserver = ns8.verizon.net.
127.252.96.in-addr.arpa nameserver = ns6.verizon.net.


The A record is looked up based on the name which is registered to
Connect Worldwide, Inc. and so their nameserver is used.

But the PTR record is looked up using the numeric IP address and that
points to servers run by Verizon Online LLC.

This is the same problem run into by people using things like dyndns.

Here's one (sanitized) taken directly from my server's maillog.

Jan  5 00:05:22 mailhost postfix/smtpd[49341]: NOQUEUE: 
reject: RCPT from 67.107.123.196.ptr.us.xo.net[67.107.123.196]: 
450 4.7.1 <mia-p-mail-01.int.ppcit.net>:
Helo command rejected: Host not found; from=<xxxxxxx at pagepluscellular.com>
to=<xxxxxx at cs.uofs.edu> proto=SMTP helo=<mia-p-mail-01.int.ppcit.net>

Note that while the "helo" matches the name presented by the sending
MTA (line 3) it does not match the PTR Record (line 2) and the email
is rejected.

It ain't rocket science but running a proper email server is harder
than most people seem to think.  And if more of them were run properly
SPAM would rapidly disappear.

bill

-- 
Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolves
billg999 at cs.scranton.edu |  and a sheep voting on what's for dinner.
University of Scranton   |
Scranton, Pennsylvania   |         #include <std.disclaimer.h>   
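
The HELO-versus-PTR comparison described in the message, as an added example that is not part of the original post. The DNS answers and the log entry are copied from the message into inline tables so it runs offline; the function names are hypothetical, and a real MTA would query DNS rather than a dictionary.

```python
import ipaddress
import re

# Offline DNS data, copied from the nslookup session in the post.
A_RECORDS = {"decuserve.org": {"96.252.127.67"}}
PTR_RECORDS = {
    "67.127.252.96.in-addr.arpa": "static-96-252-127-67.bstnma.fios.verizon.net",
}
# Postfix smtpd reject line: client PTR name, client IP, reply code, HELO name.
REJECT_RE = re.compile(
    r"reject: RCPT from (?P<ptr>[^\[\s]+)\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"(?P<code>\d{3}) .*?helo=<(?P<helo>[^>]*)>"
)

def norm(name):
    """DNS names compare case-insensitively, ignoring the trailing dot."""
    return name.rstrip(".").lower()

def ptr_for(ip, ptr_records=PTR_RECORDS):
    """Return the PTR name for an IP from the offline table, or None."""
    return ptr_records.get(ipaddress.ip_address(ip).reverse_pointer)

def check_helo(helo, ip, a_records=A_RECORDS, ptr_records=PTR_RECORDS):
    """Compare the HELO name with the PTR of the connecting IP."""
    ptr = ptr_for(ip, ptr_records)
    return {
        "ptr": ptr,
        "helo_matches_ptr": ptr is not None and norm(helo) == norm(ptr),
        # Forward lookup of the HELO name leads back to the connecting IP.
        "helo_resolves_to_ip": ip in a_records.get(norm(helo), set()),
    }

def parse_reject(line):
    """Extract PTR name, IP, reply code and HELO from a Postfix reject line."""
    m = REJECT_RE.search(" ".join(line.split()))
    return m.groupdict() if m else None

# Log entry from the post, joined onto one line.
SAMPLE = (
    "Jan  5 00:05:22 mailhost postfix/smtpd[49341]: NOQUEUE: reject: RCPT from "
    "67.107.123.196.ptr.us.xo.net[67.107.123.196]: 450 4.7.1 "
    "<mia-p-mail-01.int.ppcit.net>: Helo command rejected: Host not found; "
    "from=<xxxxxxx at pagepluscellular.com> to=<xxxxxx at cs.uofs.edu> "
    "proto=SMTP helo=<mia-p-mail-01.int.ppcit.net>"
)

if __name__ == "__main__":
    print(parse_reject(SAMPLE))
    print(check_helo("decuserve.org", "96.252.127.67"))
```

A host at 96.252.127.67 that announces itself as decuserve.org passes the forward lookup but fails the PTR comparison, because the reverse zone is served by Verizon and returns the static-96-252-127-67 name.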


