
Metronet reverse DNS

oliverb
Grafter
Posts: 606
Registered: 02-08-2007

Metronet reverse DNS

Looks as if some of the Plusnet email relays are identifying themselves with metronet.co.uk domains, not plus.net.
Received: from [212.159.9.108] (helo=avasin20.plus.net)
nslookup 212.159.9.108
Canonical name: relay.metronet.co.uk
Doesn't matter most of the time but it means Spamcop refuses to parse the header.
4 REPLIES
Community Gaffer
Posts: 13,294
Thanks: 1,070
Fixes: 86
Registered: 04-04-2007

Re: Metronet reverse DNS

Not sure I understand what's happening here. You sure this isn't from an email sent from a Metronet customer to a Plusnet customer?
212.159.9.108 /is/ one of the virtual IPs for the Metronet relay server:
$ host smtp.metronet.co.uk
smtp.metronet.co.uk is an alias for relay.metronet.co.uk.
relay.metronet.co.uk has address 212.159.8.108
relay.metronet.co.uk has address 212.159.9.108


Bob Pullen
Plusnet Product Team

oliverb
Grafter
Posts: 606
Registered: 02-08-2007

Re: Metronet reverse DNS

I'm not entirely sure myself, as the message never went anywhere near metronet and going by the "helo" it ought to be a Plusnet IP.
Looking at an inbound email I get:
Return-path: <MargaretWimperis@biasbinding.com>
Envelope-to: x
Delivery-date: Mon, 02 Nov 2015 12:23:29 +0000
Received: from [212.159.8.109] (helo=avasin11.plus.net)
  by inmx05.plus.net with esmtp (PlusNet MXCore v2.00) id 1ZtE93-0005gT-QD
  for x; Mon, 02 Nov 2015 12:23:29 +0000
Received: from ndovu.orange.co.ke ([62.24.113.236])
  by avasin11.plus.net with Plusnet Cloudmark Gateway
  id ccPG1r005564yYW01cPLTP; Mon, 02 Nov 2015 12:23:29 +0000
X-BV-Spam-Flag: Yes

avasin11 identifies as a different IP address altogether:

At first it looked to me as if one of the virtual IPs for metronet has been "recycled" for one of the Plusnet mail gateways, and the RDNS either hasn't been changed or the change hasn't propagated. That can't be right though as if I connect to port 25 it identifies itself as "metronet" today.
It looks now more like some strange address translation or virtualization quirk.
Community Gaffer
Posts: 13,294
Thanks: 1,070
Fixes: 86
Registered: 04-04-2007

Re: Metronet reverse DNS

Having looked into things in more detail, I suspect this is intended behaviour and it's been like it for a while.
Quote from: oliverb
avasin11 identifies as a different IP address altogether:

It's not unusual for the incoming and outgoing interfaces of a network device to have different IPs, and you're right to assume that a lot of these IPs will be virtual interfaces.
It is odd that the avasin > inmx interface presents the IP I'd usually associate with the Metronet relay server though, and I can't say I've noticed it before.

Bob Pullen
Plusnet Product Team

oliverb
Grafter
Posts: 606
Registered: 02-08-2007

Re: Metronet reverse DNS

I wouldn't have noticed it at all if it wasn't that the Spamcop message parser checks RDNS for each relay in turn and won't continue if the domains don't match.
The metronet RDNS thing is relatively new, last month or two I'd have thought. Prior to that I'm fairly sure RDNS returned "plus.com" domains which seemed to be close enough for it to work.
On closer examination: The messages that it parses OK ALL show 212.159.8.109 (portalrelay.plus.net) and the ones that it rejects read 212.159.9.108 (relay.metronet.co.uk).
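
The per-hop comparison discussed in this thread, as an added example (not code from the thread and not SpamCop's own parser): it reads each Exim-style Received line, takes the relay IP and HELO name, and checks the PTR name against the HELO's parent domain. The matching rule, the function names and the constructed sample are assumptions; the two PTR values are the ones quoted in the thread.

```python
import re
import socket
from email import message_from_string

# Constructed sample built from the two Received lines quoted in the thread.
SAMPLE = """\
Received: from [212.159.8.109] (helo=avasin11.plus.net)
  by inmx05.plus.net with esmtp (PlusNet MXCore v2.00) id 1ZtE93-0005gT-QD
  for x; Mon, 02 Nov 2015 12:23:29 +0000
Received: from [212.159.9.108] (helo=avasin20.plus.net)
"""

# PTR names as reported in the thread, so the example runs offline.
PAGE_PTR = {
    "212.159.8.109": "portalrelay.plus.net",
    "212.159.9.108": "relay.metronet.co.uk",
}

# Matches the "from [ip] (helo=name)" form seen in the headers above.
HOP = re.compile(r"from \[(?P<ip>[0-9.]+)\] \(helo=(?P<helo>[^)\s]+)\)")

def ptr_lookup(ip):
    """Live reverse lookup; returns None when no PTR record resolves."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def same_domain(helo, ptr):
    """Assumed rule: PTR must sit under the HELO name's parent domain."""
    parent = helo.lower().rstrip(".").split(".", 1)[-1]
    ptr = ptr.lower().rstrip(".")
    return ptr == parent or ptr.endswith("." + parent)

def check_hops(raw, resolve=ptr_lookup):
    """Return (ip, helo, ptr, ok) for every Received hop that names a HELO."""
    results = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # hop written in another format, e.g. "from host ([ip])"
        ptr = resolve(m["ip"])
        ok = ptr is not None and same_domain(m["helo"], ptr)
        results.append((m["ip"], m["helo"], ptr, ok))
    return results

if __name__ == "__main__":
    for ip, helo, ptr, ok in check_hops(SAMPLE, PAGE_PTR.get):
        print(f"{ip:15} helo={helo:20} ptr={ptr:22} {'ok' if ok else 'MISMATCH'}")
```

Calling `check_hops(raw)` without the second argument performs live PTR lookups instead of using the table.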