[AusNOG] Microsoft missing RDNS

Gavin gavin at orion-online.com.au
Fri Jun 11 10:17:42 EST 2021


They have a swathe of issues on those IP's, not just reverse. Here is a 
snippet of an email header from an email received on my systems:

Received: from SY4AUS01FT010.eop-AUS01.prod.protection.outlook.com
  (2603:10c6:10:0:cafe::45) by SYBPR01CA0024.outlook.office365.com
  (2603:10c6:10::36) with Microsoft SMTP Server (version=TLS1_2,
  cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.22 via Frontend
  Transport; Tue, 1 Jun 2021 00:35:55 +0000
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 139.130.208.5)
  smtp.mailfrom=<domain name>; <domain name>; dkim=none (message not
  signed) header.d=none;<domain name; dmarc=none action=none
  header.from=<domain name>;


SPF failures within their systems and they have also found their way 
onto the barracuda RBL for some IP's, specifically 40.92.63.28


Regards
Gavin Roche..



On 11/6/21 9:57 am, Mal wrote:
>
> Last couple days for sure...  but has been going longer with 
> 40.92.62-63.0/24 for a couple weeks
>
> Which for any decent postfix MTA configuration will cause a 554.
>
> >
> Jun 10 09:20:20 cust-mta01 postfix/smtpd[8137]: NOQUEUE: reject: RCPT 
> from unknown[40.92.62.80]: 554 5.7.1 Client host rejected: cannot find 
> your reverse hostname, [40.92.62.80]; from=<user at outlook.com> 
> to=<customer at domain.com.au> proto=ESMTP 
> helo=<AUS01-SY4-obe.outbound.protection.outlook.com>
>
> Mal
>
>
>
>
> On 11/06/2021 8:47 am, Mike Manning wrote:
>>
>> Hi all,
>>
>> Anyone else here experiencing missing RDNS for a swath of IP’s from 
>> Microsoft on a few different subnets? I’ve opened a ticket with 
>> Microsoft netops for it and I’ve done an rDNS bypass on our local 
>> antispam filter however we’re now seeing o365 clients with the same 
>> issue when trying to receive emails from anyone with an @outlook.com 
>> or @msn.com email address.. where do you draw the line in adding 
>> bypass after bypass?
>>
>> host 40.92.63.85
>>
>> Host 85.63.92.40.in-addr.arpa. not found: 3(NXDOMAIN)
>>
>> host 40.92.62.31
>>
>> Host 31.62.92.40.in-addr.arpa. not found: 3(NXDOMAIN)
>>
>> *Mike Manning*
>> *Network Engineer*
>>
>> *Matilda Internet*
>> ________________
>>
>> (Telephone +61 7 4953 0711
>> (Fax +61 7 4849 5000
>> 29 Gregory Street, Mackay, QLD 4740, Australia
>> *Emailmike at matilda.net.au
>> <mailto:mike at matilda.net.au>Websitewww.matilda.net.au
>> <http://www.matilda.net.au/>
>>
>> This email and any files transmitted with it are confidential and are 
>> intended solely for the use of the individual or entity to whom it is 
>> addressed.  If you are not the recipient be advised that you have 
>> received this email in error and that any use, dissemination, 
>> forwarding, printing copying or use of the contents contained in this 
>> e-mail and any file attachments is strictly prohibited. If you have 
>> received this email in error please immediately notify the sender by 
>> telephone or by reply email to the sender.  You must destroy the 
>> original transmission and its contents.  It is recommended that you 
>> virus test the information and any attachments.  Matilda Internet 
>> does not accept liability for any loss or damage howsoever occurred 
>> as a result of this email transmission or any attachments to it.
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20210611/99fad418/attachment.html>


More information about the AusNOG mailing list