cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Metronet reverse DNS

oliverb
Grafter
Posts: 606
Registered: ‎02-08-2007

Metronet reverse DNS

‎02-11-2015 12:17 PM

Looks as if some of the plusnet email relays are identifying themselves with metronet.co.uk domains not plus.net .
Received: from [212.159.9.108] (helo=avasin20.plus.net)
nslookup 212.159.9.108
Canonical name: relay.metronet.co.uk
Doesn't matter most of the time but it means Spamcop refuses to parse the header.
Message 1 of 5
(1,397 Views)
0 Thanks
4 REPLIES 4
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,768
Thanks: 4,774
Fixes: 307
Registered: ‎04-04-2007

Re: Metronet reverse DNS

‎02-11-2015 5:38 PM

Not sure I understand what's happening here. You sure this isn't from an email sent from a Metronet customer to a Plusnet customer?
212.159.9.108 /is/ one of the virtual IPs for the Metronet relay server:
$ host smtp.metronet.co.uk
smtp.metronet.co.uk is an alias for relay.metronet.co.uk.
relay.metronet.co.uk has address 212.159.8.108
relay.metronet.co.uk has address 212.159.9.108

Huh

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Message 2 of 5
(1,027 Views)
0 Thanks
oliverb
Grafter
Posts: 606
Registered: ‎02-08-2007

Re: Metronet reverse DNS

‎03-11-2015 8:22 AM

I'm not entirely sure myself, as the message never went anywhere near metronet and going by the "helo" it ought to be a Plusnet IP.
Looking at an inbound email I get:
Return-path: <MargaretWimperis@biasbinding.com>
Envelope-to: x
Delivery-date: Mon, 02 Nov 2015 12:23:29 +0000
Received: from [212.159.8.109] (helo=avasin11.plus.net)
	  by inmx05.plus.net with esmtp (PlusNet MXCore v2.00) id 1ZtE93-0005gT-QD 
	  for x; Mon, 02 Nov 2015 12:23:29 +0000
Received: from ndovu.orange.co.ke ([62.24.113.236])
	by avasin11.plus.net with Plusnet Cloudmark Gateway
	id ccPG1r005564yYW01cPLTP; Mon, 02 Nov 2015 12:23:29 +0000
X-BV-Spam-Flag: Yes

avasin11 identifies as a different IP address altogether:

At first it looked to me as if one of the virtual IPs for metronet has been "recycled" for one of the Plusnet mail gateways, and the RDNS either hasn't been changed or the change hasn't propagated. That can't be right though as if I connect to port 25 it identifies itself as "metronet" today.
It looks now more like some strange address translation or virtualization quirk.
Message 3 of 5
(1,027 Views)
0 Thanks
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,768
Thanks: 4,774
Fixes: 307
Registered: ‎04-04-2007

Re: Metronet reverse DNS

‎03-11-2015 11:53 AM

Having looked into things in more detail, I suspect this is intended behaviour and it's been like it for a while.
Quote from: oliverb
avasin11 identifies as a different IP address altogether:

It's not unusual for the incoming and outgoing interfaces of a network device to have different IP's, and you're right to assume that a lot of these IP's will be virtual interfaces.
It is odd that the avasin > inmx interface presents the IP I'd usually associate with the Metronet relay server though, and I can't say I've noticed it before Huh

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Message 4 of 5
(1,027 Views)
0 Thanks
oliverb
Grafter
Posts: 606
Registered: ‎02-08-2007

Re: Metronet reverse DNS

‎03-11-2015 12:19 PM

I wouldn't have noticed it at all if it wasn't that the Spamcop message parser checks RDNS for each relay in turn and won't continue if the domains don't match.
The metronet RDNS thing is relatively new, last month or two I'd have thought. Prior to that I'm fairly sure RDNS returned "plus.com" domains which seemed to be close enough for it to work.
On closer examination: The messages that it parses OK ALL show 212.159.8.109 (portalrelay.plus.net) and the ones that it rejects read  212.159.9.108 (relay.metronet.co.uk).
Message 5 of 5
(1,027 Views)
0 Thanks