SMTP and Reverse DNS Lookup

Discussion in 'Server Networking' started by bpettus, Dec 28, 2005.

  1. bpettus

    bpettus Guest

    I'm trying to send a SMTP message to a non-windows mail hub via CDO. The
    mail hub is doing a reverse DNS lookup to verify my identity (no big
    surprise) but the name it is trying to verify is not the NetBIOS name of the
    sending machine. For example, the NetBIOS name of the sending server is like
    xx-yyyy-zzzz and the mail hub is trying to verify the name xxyyyyzzzz. I
    have tried getting support from the mail administrators with no success. I
    have searched our DNS system for entries matching the dash-stripped machine
    name with no success.

    My questions are

    1. Is Windows or CDO stripping the dashes (-) from the server name anywhere
    in the message transmission (in HELO or EHLO)?
    2. What should I be looking for in the DNS system?
    3. Should I be looking at other name resolution systems?

    Any assistance would be helpful.
    Thanks,
    Bruce.
     
    bpettus, Dec 28, 2005
    #1
    1. Advertisements

  2. It isn't that complex. It looks at the "From:" email address and grabs the
    Mail Domain from the right side of the "@" symbol and then does a reverse
    lookup to see if the result matches the IP# that the message actually came
    from. If the don't match the mesage may be rejected.

    Someday admins may "wakeup" and realize that reverse lookups are a rediculas
    thing to do to gaurd against spam. With many, if not most, mail servers
    now-a-days being published from behind proxy servers or NAT Firewalls it is
    very likely that perfectly legitement mail servers are not going to resolve
    backwards to the same IP# the message shows comming from. There are many
    *good* ways to filter out spam,....reverse-lookups are *not* one of them.
    Maybe someday they will figure that out.

    --
    Phillip Windell [MCP, MVP, CCNA]
    www.wandtv.com
    -----------------------------------------------------
    Understanding the ISA 2004 Access Rule Processing
    http://www.isaserver.org/articles/ISA2004_AccessRules.html

    Microsoft Internet Security & Acceleration Server: Guidance
    http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
    http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

    Microsoft Internet Security & Acceleration Server: Partners
    http://www.microsoft.com/isaserver/partners/default.asp

    Deployment Guidelines for ISA Server 2004 Enterprise Edition
    http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
    -----------------------------------------------------
     
    Phillip Windell, Dec 28, 2005
    #2
    1. Advertisements

  3. bpettus

    bpettus Guest

    Ok, so why do I get the message "Unable to verify name xxyyyyzzzz" when the
    right side of the "@" symbol was xx-yyyy-zzzz.domain? It seems to me that
    either Windows/CDO is stripping the dashes or the mail hub is. If the mail
    hub is stripping the dashes then shame on them for crossing their eyes and
    complaining that my message is invalid.
     
    bpettus, Dec 29, 2005
    #3
  4. Now that I don't know about. I'm not sure what Group to even ask about CDO
    in. Maybe on of the web development groups,...IIS?,...ASP?,...ASP.Net? You
    may just have to ask around, unless someone else around here knows and wants
    to jump in.

    I would think you could see if it is dropping the dashes before leaving your
    system with Netmon or similar. If it looks fine leaving your system then it
    is being screwed with at the destination or along the way somewhere. Not
    sure what else to suggest there.
     
    Phillip Windell, Dec 29, 2005
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.