Mailing List CGatePro@mail.stalker.com Message #106425
From: Nicolas Hatier <nicolas.hatier@niversoft.com>
Subject: Re: Detect Blacklisted by DNS Name
Date: Sat, 20 May 2017 17:02:12 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>

Well, in that case, I suppose CGP verified that mail14.pikou.vip was really 23.110.134.117. Which it is. But the reverse may not be true.

This is just wild guesses though.

Nicolas Hatier, ing. <nicolas.hatier@niversoft.com>
Niversoft idées logicielles - http://www.niversoft.com



On 2017-05-20 13:59, Gib Henry wrote:

Wow, thanks!  That’s certainly not obvious.  I had always assumed that the  line “Received: from mail14.pikou.vip ([23.110.134.117] verified)” meant that CGP had verified that 23.110.134.117 really was mail14.pikou.vip.  Not so, apparently.  Seems counter-intuitive.  Cheers,
--
Gib Henry


On 5/20/17 10:59 AM, Nicolas Hatier wrote:
The blacklist by DNS name does a PTR request on the IP address.

While mail14.pikou.vip has an A record pointing to 23.110.134.117, 23.110.134.117 does not have a PTR record pointing to mail14.pikou.vip.

Nicolas Hatier, ing. <nicolas.hatier@niversoft.com>
Niversoft idées logicielles - http://www.niversoft.com



On 2017-05-20 10:55, Gib Henry wrote:

I am currently set to block all traffic originating from the top-level domain .vip:

However, that appears to fail, because this message came through:

Return-Path: <23-174-11971677.LjExMC41NC4xNDY-pm-1-1-36983-312-hvotzem524@mail14.pikou.vip>
Received: from mail14.pikou.vip ([23.110.134.117] verified) by…

I see rejections from mrsend.it, so I know the detection can work.  What am I missing in this case?  Can I not block an entire top-level domain?  Cheers,
--
Gib Henry




Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster