Comcast and mail header errors?
Ben Scott
dragonhawk at gmail.com
Wed Mar 22 12:36:01 EST 2006
On 3/22/06, Bruce Dawson <jbd at codemeta.com> wrote:
> Hmmm. What does linux.codemeta.com or pm.codemeta.com have to do with
> gnhlug.org's email?
Other than the fact that you're a GNHLUG member, nothing. I'm
pretty sure Paul is referring to mail you send directly to him, not
through a GNHLUG list. In particular, when you "Reply All", you send
a message direct to him, not via the list.
> pm.codemeta.com and linux.codemeta.com are on the same computer.
> One is a point-to-point connection to the outside world; the entry point to a
> firewall. The other is within the firewall (or at least should be).
Hey, I was right about the multiple IP addresses. :)
What I believe is happening is: Sendmail (or whatever you are using
on that box) believes the canonical host name is "linux.codemeta.com".
However, the IP stack has originated the connection to Comcast's MX
from 199.125.76.1. Comcast does a lookup on "linux.codemeta.com" and
gets 199.125.76.10 as an answer. Since they don't match, Comcast
calls that a "misconfigured sender".
Comcast's theory is that if you're claiming to be
"linux.codemeta.com", your IP address should match DNS for that name.
I can see their point, but like many mail security ideas, it has a
flaw: A host with multiple IP addresses can validly send from any of
them, but can have only one canonical name.
I've seen other mailers flag this before, but using a term other
than "misconfigured sender". I forget what term they used.
> If there are any questions about the configuration of that system ...
This is really more of a discussion of mail security in general, and
Comcast's terminology. You just happened to get dragged in as an
example. :)
-- Ben
More information about the gnhlug-discuss
mailing list