timeouts from one machine and not another

Paul L. Allen pla at softflare.com
Wed Jul 7 03:16:36 CEST 2004


OK, this reply is slightly off-topic, but only slightly, because it
addresses how likely it is that SMTP servers will cause problems for
nagios. 

Aristedes Maniatis writes: 

> Many SMTP servers do a reverse DNS lookup on the host which is connecting 
> in order to apply spam filtering rules, HOST checking, etc.

It was sensible of you to tell him to check this, just in case.  However,
most SMTP servers do NOT do a reverse DNS lookup. 

The general consensus is that doing a reverse DNS lookup is a bad idea.
It adds a (potentially slow) DNS lookup for each item of mail.  It blocks
good mail from servers that have no control over their reverse DNS (which
is surprisingly common).  These days spam is increasingly from zombies,
home computers on ADSL that have been infected by viruses, and many of
them have ISPs that DO have reverse DNS for all their users. 

As a spam blocking measure it has little positive effect, which is
outweighed by the negative effects.  AOL's mail servers keep saying that
they are about to implement reverse DNS lookups, but they don't.  Microsoft
removed the option to do reverse DNS lookups from Exchange a while ago
because it caused more trouble than it's worth. 

So most SMTP servers don't do reverse DNS lookups.  What would be a better
idea is to add a DNS RRTYPE of MS (mail sender) meaning server X is a valid
mail relay for domain Y.  Then you can say that if you get mail from a
sender which is not a valid MS for the sender you can drop it on the floor
(these days, with forged senders, bouncing just causes more problems).
That would do a LOT of good.  ISPs could say that only their mail servers
are valid senders for their users.  Well, you'd probably want an MSPTR
RRTYPE too, so you could give an IP address and get a list of valid mail
relays.  With both RRTYPES you have things covered with minimal effort
by the likes of AOL (this is in our dialup block, here are our relays)
and companies who provide mail services for people who dial-in through
somebody else.  The transition period would be a bit of a bitch, but I
see between 15,000 and 30,000 spams a day addressed to non-existent users
@softflare.com (if our spam filters didn't catch over 99% of them I'd go
postal) so I think something like that will eventually have to happen. 

Note, what is referred to here is technically not reverse DNS lookup, but
that is the informal terminology used by most people these days (I mention
this only because of Andreas) and I use the term as it is understood by
most people.  In France, dictionaries define how people MUST use words; in
the UK, dictionaries define how people DO use words (which is why "cleave"
is its own antonym).  In technical writing one should be precise, but when
almost everyone misuses "reverse DNS" there's no point fighting it,
especially as the real "reverse DNS" of the RFCs was never widely
implemented. 

-- 
Paul Allen
Softflare Support 
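
The MS / MSPTR check proposed in the message above, modelled as an added example (not part of the original post, and not code from any mail server). The record contents, the in-memory tables standing in for DNS, the function names, and the "unknown" result for senders that publish nothing are all assumptions made for illustration.

```python
import ipaddress

# Constructed stand-ins for DNS data; "MS" and "MSPTR" are the hypothetical
# record types proposed in the message, not real RRTYPEs.
MS = {  # domain -> hosts allowed to send mail for it
    "example.com": ["mail1.example.com", "mail2.example.com"],
    "isp.example": ["smtp.isp.example"],
}
A = {  # relay host -> address
    "mail1.example.com": "192.0.2.10",
    "mail2.example.com": "192.0.2.11",
    "smtp.isp.example": "198.51.100.25",
}
MSPTR = {  # address block -> relays that hosts in the block must send through
    "203.0.113.0/24": ["smtp.isp.example"],  # e.g. an ISP's dial-up block
}

def relay_addresses(hosts):
    """Resolve relay host names to addresses, skipping names with no A record."""
    return {ipaddress.ip_address(A[h]) for h in hosts if h in A}

def msptr_relays(client_ip):
    """Relays published for the block containing client_ip, or None if none."""
    ip = ipaddress.ip_address(client_ip)
    for block, relays in MSPTR.items():
        if ip in ipaddress.ip_network(block):
            return relays
    return None

def check_sender(client_ip, mail_from):
    """Return 'accept', 'drop' or 'unknown' for one SMTP connection."""
    ip = ipaddress.ip_address(client_ip)
    domain = mail_from.rsplit("@", 1)[-1].lower()
    hosts = MS.get(domain)
    if hosts is not None:
        # The sender domain publishes MS records: only those relays may send.
        return "accept" if ip in relay_addresses(hosts) else "drop"
    relays = msptr_relays(client_ip)
    if relays is not None:
        # The client sits in a block whose owner names its relays, so a
        # direct connection from any other host in the block is dropped.
        return "accept" if ip in relay_addresses(relays) else "drop"
    # Transition period (assumption): nothing published, so no verdict.
    return "unknown"
```

A forged sender from a host in the dial-up block is dropped by either record type, while a domain and network that publish nothing yield no verdict, which is the transition-period cost the message mentions.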



