Does forward confirmed reverse DNS (FCRDNS) only look up IP to hostname and then hostname to IP, or does it compare to the first hostname as well (especially in spam filtering)?
Let’s say I have these records:
- A reverse.somedomain: 127.0.0.1
- A mail.somedomain: 127.0.0.1
- A mail.mailserverdomain: 127.0.0.1
- MX somedomain: mail.somedomain
- PTR 127.0.0.1: reverse.somedomain
An MTA tries to verify the RDNS of the host and resolves: 127.0.0.1 → (reverse) → reverse.somedomain → (forward) → 127.0.0.1. Will this be a valid FCRDNS, or does the PTR record need to point to the MX name?
The question boils down to whether FCRDNS uses two or three queries: either Forward, Backward, Forward, or just Forward, Backward.
FCRDNS stands for “Forward Confirmed Reverse DNS”.
How this works is that, first, the PTR record of the connecting IP address is looked up. If it hasn’t got a PTR record, then the check instantly fails. A mail server with this feature on will then reject the connection, such as this rejection taken from my own mail server:
```
Sep 18 02:48:10 grummle postfix/smtpd: NOQUEUE: reject: RCPT from unknown[18.104.22.168]: 450 4.7.1 Client host rejected: cannot find your hostname, [22.214.171.124]; from=<email@example.com> to=<firstname.lastname@example.org> proto=ESMTP helo=<smtp49.rsend1.com>
```
Because 126.96.36.199 has no PTR record, the reverse DNS check fails.
The second step is to take the hostname that was returned, and look up its IP address. That IP address must match the IP address that made the connection to the server. This is what forward confirmed means. If it does not, then again we reject the connection. (So few make it this far that I don’t even have an example in the last week’s worth of logs.)
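The two-query check the answer describes, written out as an added example (not code from the answer or from Postfix). It runs against a constructed in-memory zone built from the question's records plus a few extra constructed hosts, so it works offline; `live_lookup` is an assumed optional resolver built on the standard `socket` module for anyone who wants to run it against real DNS. Note that the MX record is never consulted: the check passes as soon as one name in the PTR answer resolves back to the connecting address.

```python
"""Forward Confirmed Reverse DNS (FCRDNS) check with an injectable resolver.

Added example, not from the original answer. Step 1 looks up the PTR record of
the connecting IP; step 2 looks up the A record(s) of each returned name and
requires the connecting IP to be among them. MX records play no part.
"""
import socket
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed zone data: the question's records, plus a multi-homed host and a
# host whose PTR names something that does not resolve back (both constructed).
CONSTRUCTED_ZONE: Dict[str, Dict[str, List[str]]] = {
    "A": {
        "reverse.somedomain": ["127.0.0.1"],
        "mail.somedomain": ["127.0.0.1"],
        "mail.mailserverdomain": ["127.0.0.1"],
        "multi.example": ["192.0.2.10", "192.0.2.11"],
        "liar.example": ["203.0.113.9"],
    },
    "PTR": {
        "127.0.0.1": ["reverse.somedomain"],
        "192.0.2.10": ["multi.example"],
        "192.0.2.20": ["liar.example"],
    },
    "MX": {"somedomain": ["mail.somedomain"]},
}

Lookup = Callable[[str, str], List[str]]


def stub_lookup(qtype: str, name: str) -> List[str]:
    """Resolver over the constructed zone; an empty list means NXDOMAIN/no data."""
    return list(CONSTRUCTED_ZONE.get(qtype, {}).get(name, []))


def live_lookup(qtype: str, name: str) -> List[str]:
    """Assumed optional resolver using the system stub resolver (not run here)."""
    try:
        if qtype == "PTR":
            host, _aliases, _addrs = socket.gethostbyaddr(name)
            return [host]
        if qtype == "A":
            _host, _aliases, addrs = socket.gethostbyname_ex(name)
            return addrs
    except socket.herror:
        return []
    except socket.gaierror:
        return []
    raise ValueError(f"unsupported query type {qtype}")


@dataclass
class FcrdnsResult:
    ok: bool
    reason: str
    ptr_names: List[str] = field(default_factory=list)


def fcrdns(ip: str, lookup: Lookup = stub_lookup) -> FcrdnsResult:
    """Return whether `ip` passes FCRDNS and why, using exactly two query types."""
    # Step 1 (reverse): the connecting IP must have at least one PTR record.
    names = lookup("PTR", ip)
    if not names:
        return FcrdnsResult(False, "no PTR record for connecting IP", [])

    # Step 2 (forward): some PTR name must resolve back to the connecting IP.
    # A host may have several A records; one match is enough. The MX name of
    # the sending domain is irrelevant to this check.
    for name in names:
        if ip in lookup("A", name):
            return FcrdnsResult(True, f"PTR name {name} resolves back to {ip}", names)
    return FcrdnsResult(False, "PTR name(s) do not resolve back to connecting IP", names)


if __name__ == "__main__":
    for addr in ("127.0.0.1", "192.0.2.10", "192.0.2.11", "192.0.2.20"):
        r = fcrdns(addr)
        print(f"{addr:12} {'PASS' if r.ok else 'FAIL'}  {r.reason}")
```

A receiving MTA that rejects on step 1 produces the "cannot find your hostname" style of rejection quoted above; a step 2 failure is the rarer case where a PTR record exists but its name does not resolve back to the sender.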
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.