Logging of ptr Lookups

fmaxwell
Posts: 151
Joined: Sat Aug 03, 2002 9:10 am

Logging of ptr Lookups

Post by fmaxwell »

When a ptr record (aka "reverse DNS entry") is required for non-authenticated senders, the results of that lookup should be a part of the SMTP activity log and a part of the e-mail headers. That would save time when creating and analyzing abuse complaints.

MailEnable
Site Admin
Posts: 4441
Joined: Tue Jun 25, 2002 3:03 am
Location: Melbourne, Victoria Australia

Post by MailEnable »

Fred,

Good suggestion. There is some progress along these lines ...

1. More configurable logging is being provided to allow you to report on things like RBL lookups, PTR, SPF, etc. This functionality should shortly be available (I think it can actually be enabled in current releases):

ROOT: HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Connectors\SMTP
ValueName: Debug Logging Level
Value Type: DWORD
Value: (Non-existent or 5 = default), 10 = full

(If you're wanting more logging, you need to be using 1.6 Pro or later; don't know if the setting works with 1.8 standard edition or later).

2. The results of lookup tests, etc. are being added to the command files and, as messages pass through the MTA, actions can be put in place to mark up the message with the headers. I think eventually it may also be optional to do it as the message is received also. (I don't think this has yet been released - even as registry configurable).
Regards, Andrew

fmaxwell
Posts: 151
Joined: Sat Aug 03, 2002 9:10 am

Post by fmaxwell »

MailEnable wrote: 1. More configurable logging is being provided to allow you to report on things like RBL lookups, PTR, SPF, etc. This functionality should shortly be available (I think it can actually be enabled in current releases)

I enabled full logging and it results in a monstrous debug file. Each piece of incoming e-mail results in over a dozen blacklist lookup entries (e.g., brazil.blackholes.us, nigeria.blackholes.us, etc.). For the debug file, I'd like to be able to see errors, such as timeouts, on RBL lookups -- not each and every lookup.

What I'd really like is ptr information in the SMTP Activity logs. After the connection is shown, show the results of the ptr lookup.

Also, put the ptr lookup results in the received headers. For example:

Now: Received: from visa.com ([209.197.131.132]) by mydomain.com with MailEnable ESMTP; Tue, 12 Jul 2005 17:12:18 -0400

Proposed: Received: from visa.com ([209.197.131.132] = ham53-uas-2-209197131132.3web.net) by mydomain.com with MailEnable ESMTP; Tue, 12 Jul 2005 17:12:18 -0400

The latter immediately shows that the sender EHLO/HELO (visa.com) does not match the ptr record. If the message purports to be from visa.com and is a phishing scheme, just glancing at the received headers shows that it's not from visa.com. It also shows that a complaint about the message should be directed to 3web.net. Suppose you get an e-mail from a banker in Nigeria who wants to split millions of dollars with you. It might be interesting to discover that his ISP is actually wanadoo.fr.

Thoughts?
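The HELO-versus-PTR comparison described in the post above, as an added example that is not part of the original thread and is not MailEnable code. It parses both the current and the proposed Received header forms quoted above; the function names and the "last two labels" base-domain rule are assumptions made for illustration.

```python
import re

# Matches both header forms quoted in the thread: with and without "= <ptr>".
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+"
    r"\(\[(?P<ip>[0-9A-Fa-f.:]+)\](?:\s*=\s*(?P<ptr>[^\s)]+))?\)"
)

def base_domain(name):
    """Naive base domain: last two labels (assumption; no public suffix list)."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def analyze_received(header):
    """Return HELO, IP, PTR and a verdict for one Received header line."""
    m = RECEIVED_RE.match(header.strip())
    if m is None:
        raise ValueError("unrecognized Received header format")
    helo, ip, ptr = m.group("helo").lower(), m.group("ip"), m.group("ptr")
    if ptr is None:
        # Current format: nothing to compare the claimed HELO name against.
        verdict, complain_to = "no-ptr-recorded", None
    else:
        ptr = ptr.rstrip(".").lower()
        # HELO matches if it equals the PTR name or shares its base domain.
        same = helo == ptr or base_domain(helo) == base_domain(ptr)
        verdict = "helo-matches-ptr" if same else "helo-ptr-mismatch"
        # The PTR's base domain is where an abuse complaint would be directed.
        complain_to = base_domain(ptr)
    return {"helo": helo, "ip": ip, "ptr": ptr,
            "verdict": verdict, "complain_to": complain_to}

# The two header lines quoted in the post above.
NOW = ("Received: from visa.com ([209.197.131.132]) by mydomain.com "
       "with MailEnable ESMTP; Tue, 12 Jul 2005 17:12:18 -0400")
PROPOSED = ("Received: from visa.com ([209.197.131.132] = "
            "ham53-uas-2-209197131132.3web.net) by mydomain.com "
            "with MailEnable ESMTP; Tue, 12 Jul 2005 17:12:18 -0400")

if __name__ == "__main__":
    for line in (NOW, PROPOSED):
        print(analyze_received(line))
```

A PTR name is set by whoever controls the reverse zone for the address, so a forward lookup of that name returning the same IP is needed before treating it as more than a pointer to the responsible network.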
