SMTP and Reverse DNS Lookup

12-28-2005, 07:59 PM

I'm trying to send a SMTP message to a non-windows mail hub via CDO. The
mail hub is doing a reverse DNS lookup to verify my identity (no big
surprise) but the name it is trying to verify is not the NetBIOS name of the
sending machine. For example, the NetBIOS name of the sending server is like
xx-yyyy-zzzz and the mail hub is trying to verify the name xxyyyyzzzz. I
have tried getting support from the mail administrators with no success. I
have searched our DNS system for entries matching the dash-stripped machine
name with no success.

My questions are

1. Is Windows or CDO stripping the dashes (-) from the server name anywhere
in the message transmission (in HELO or EHLO)?
2. What should I be looking for in the DNS system?
3. Should I be looking at other name resolution systems?

Any assistance would be helpful.
Thanks,
Bruce.

12-28-2005, 09:24 PM

"bpettus" <(E-Mail Removed)> wrote in message
news:89D6B3D2-14EB-4709-853D-(E-Mail Removed)...
> 1. Is Windows or CDO stripping the dashes (-) from the server name
anywhere
> in the message transmission (in HELO or EHLO)?
> 2. What should I be looking for in the DNS system?
> 3. Should I be looking at other name resolution systems?

It isn't that complex. It looks at the "From:" email address and grabs the
Mail Domain from the right side of the "@" symbol and then does a reverse
lookup to see if the result matches the IP# that the message actually came
from. If the don't match the mesage may be rejected.

Someday admins may "wakeup" and realize that reverse lookups are a rediculas
thing to do to gaurd against spam. With many, if not most, mail servers
now-a-days being published from behind proxy servers or NAT Firewalls it is
very likely that perfectly legitement mail servers are not going to resolve
backwards to the same IP# the message shows comming from. There are many
*good* ways to filter out spam,....reverse-lookups are *not* one of them.
Maybe someday they will figure that out.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------

12-28-2005, 11:12 PM

Ok, so why do I get the message "Unable to verify name xxyyyyzzzz" when the
right side of the "@" symbol was xx-yyyy-zzzz.domain? It seems to me that
either Windows/CDO is stripping the dashes or the mail hub is. If the mail
hub is stripping the dashes then shame on them for crossing their eyes and
complaining that my message is invalid.

"Phillip Windell" wrote:

> It isn't that complex. It looks at the "From:" email address and grabs the
> Mail Domain from the right side of the "@" symbol and then does a reverse
> lookup to see if the result matches the IP# that the message actually came
> from. If the don't match the mesage may be rejected.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/t...dance/2004.asp
> http://www.microsoft.com/isaserver/t...dance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
>
> Deployment Guidelines for ISA Server 2004 Enterprise Edition
> http://www.microsoft.com/technet/pro...isaserver.mspx
> -----------------------------------------------------
>
>
>
>

12-28-2005, 11:43 PM

"bpettus" <(E-Mail Removed)> wrote in message
news:E31074FD-6EE9-405B-A6B5-(E-Mail Removed)...
> Ok, so why do I get the message "Unable to verify name xxyyyyzzzz" when
the
> right side of the "@" symbol was xx-yyyy-zzzz.domain? It seems to me that
> either Windows/CDO is stripping the dashes or the mail hub is. If the
mail
> hub is stripping the dashes then shame on them for crossing their eyes and
> complaining that my message is invalid.

Now that I don't know about. I'm not sure what Group to even ask about CDO
in. Maybe on of the web development groups,...IIS?,...ASP?,...ASP.Net? You
may just have to ask around, unless someone else around here knows and wants
to jump in.

I would think you could see if it is dropping the dashes before leaving your
system with Netmon or similar. If it looks fine leaving your system then it
is being screwed with at the destination or along the way somewhere. Not
sure what else to suggest there.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Zen reverse lookup	Richard Tobin	Broadband	16	12-07-2006 10:55 PM
Reverse lookup failure	Allan Butler	Linux Networking	6	09-18-2005 05:57 AM
Reverse ip lookup problem?	Retlak	Linux Networking	8	10-13-2004 07:59 PM
Reverse name lookup with WINS	Philippe	Linux Networking	0	09-12-2004 03:09 PM
DNS --> What exactly is reverse lookup Zones	Hareth	Windows Networking	7	06-19-2004 10:48 AM