Add a static host entry?

Dec 9th, 2009

Hi all.

Is there any way to add a static host entry to a C300 ESA?
I could not find anything like this in the GUI/CLI.

Every mail that goes from our internal mail gateways out through the C300s gets tagged with a Received header like this:

Received: from unknown (HELO mail1.ourdomain.com) ([x.x.x.x])
by mx1.ourdomain.com with ESMTP; 09 Dec 2009 01:53:21 +0100

which somewhat annoys me...

How can I make the reverse lookup match the HELO hostname?

Donald Nash Wed, 12/09/2009 - 13:22

As far as I know, there is no way to do this in AsyncOS. You need to have your DNS servers resolve this address. If the internal mail server has an RFC1918 address then you'll need to configure your ESA to use your local DNS servers rather than the root servers. That's the only way to get correct resolution on locally administered addresses.

Nicolas Melay Wed, 12/09/2009 - 19:30

OK, thanks for pointing to the DNS setup.
You can actually set up an alternate DNS server for a specific domain there, so I just needed to override my current (provider's) DNS servers for my reverse DNS zone (xx.xx.in-addr.arpa).

In my case, with only 2 internal mail servers relaying to the ESA, host entries would have been a simpler and more robust way to do it, but the DNS override does the job.

My outgoing Received headers now look pretty. :)

Donald Nash Wed, 12/09/2009 - 19:52

> You can actually set up an alternate DNS server for a specific domain there

That's news to me, but I haven't looked at those settings for several years.

> My outgoing Received headers now look pretty.

But if your IP addresses are indeed RFC1918, then anyone looking up the host name in those pretty headers will either get an address they can't use, or the name simply won't resolve. Either way, the correctness of the situation is debatable. At least "unknown" is correct from an external point of view.

If you're using publicly routable addresses then the question becomes, why won't your ISP either put in correct PTR records for you or delegate to you?

Nicolas Melay Fri, 12/11/2009 - 20:00

Yes, these are RFC1918 IPs.

My view on this is that Received headers are only here as a diagnostic tool.
No one is supposed to try to hack back to a random intermediate mail relay.

The "unknown" hostname just seemed to point to a misconfiguration, so I'd rather have a clean header.

Donald Nash Fri, 12/11/2009 - 20:53

> No one is supposed to try to hack back to a random intermediate mail relay.

No, but it is reasonable to expect the recipient to verify the path for any one of several reasons. Tracing back to a name that won't resolve could cause consternation or suspicion.
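
An added example, not part of the original thread: a small offline checker for Received headers in the format quoted in the first post, the kind of path verification a recipient might do. It assumes "unknown" means the reverse lookup returned no name; the finding labels and sample addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges, the case discussed in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches: from <rdns-name> (HELO <helo-name>) ([<ip>]) by <receiver>
HOP = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)"
    r"\s+\(\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE)

def analyze_hop(header):
    """Return (fields, findings) for one Received header value, or None if the format differs."""
    m = HOP.search(" ".join(header.split()))  # unfold continuation lines first
    if not m:
        return None
    fields = m.groupdict()
    rdns = fields["rdns"].lower().rstrip(".")
    helo = fields["helo"].lower().rstrip(".")
    findings = []
    if rdns == "unknown":
        findings.append("rdns-unknown")        # assumed: no PTR name was found
    elif rdns != helo:
        findings.append("helo-rdns-mismatch")  # announced name differs from PTR name
    try:
        addr = ipaddress.ip_address(fields["ip"])
        if any(addr in net for net in RFC1918):
            findings.append("rfc1918")         # outsiders cannot resolve or reach it
    except ValueError:
        findings.append("bad-ip")              # masked or malformed address literal
    return fields, findings

# Constructed samples; the first is the header from the post with its masked address.
SAMPLES = [
    "from unknown (HELO mail1.ourdomain.com) ([x.x.x.x])\n"
    " by mx1.ourdomain.com with ESMTP; 09 Dec 2009 01:53:21 +0100",
    "from mail1.ourdomain.com (HELO mail1.ourdomain.com) ([10.1.2.3])"
    " by mx1.ourdomain.com with ESMTP; 09 Dec 2009 02:10:00 +0100",
    "from relay.example.net (HELO mail.example.org) ([192.0.2.10])"
    " by mx1.ourdomain.com with ESMTP; 09 Dec 2009 02:11:00 +0100",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        fields, findings = analyze_hop(sample)
        print(fields["rdns"], fields["ip"], findings or ["clean"])
```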