I recently installed Juniper's smtpd mailer daemon (to get rid of
open relaying permitted by smap), and one of the things it
enforces is strict DNS resolution.
In particular, it wants a node's claimed name to match its
IP address in the DNS, and rejects connections from nodes that
don't do this (at least, as I understand smtpd's behaviour).
eg:
> teapot06.domain1.bigpond.com
Server: oversteer.bl.echidna.id.au
Address: 203.6.241.132
Non-authoritative answer:
Name: teapot06.bigpond.com
Address: 139.134.5.237
Aliases: teapot06.domain1.bigpond.com
> 139.134.5.237
Server: oversteer.bl.echidna.id.au
Address: 203.6.241.132
Name: teapot06.domain1.bigpond.com
Address: 139.134.5.237
> teapot06.bigpond.com
Server: oversteer.bl.echidna.id.au
Address: 203.6.241.132
Non-authoritative answer:
Name: teapot06.bigpond.com
Address: 139.134.5.237
This node (an example, there are many) is being rejected by smtpd,
(bigpond.com is the Australian Telco "Telstra"'s ISP). I think
it's being rejected because while the machine claims to be
teapot05.domain1.bigpond.com, when smtpd does a forward lookup it
sees "teapot06.bigpond.com", which doesn't match the reverse lookup,
and so it's rejecting it. Is bigpond.com in error with their
setup, or is smtpd rejecting mail it shouldn't? ie: is it
correct and/or advisable to have a PTR record pointing to a CNAME?
As I understand it, it isn't, but I want to be sure before I
suggest to the largest ISP in Australia that they fix their DNS :)
My apologies if this is posted to the wrong newsgroup; it seems
like the most logical place for it, but I may be mistaken.
--
#include <stddisclaimer.h>
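The check the post describes (reverse-map the peer's address, forward-resolve the PTR name, compare) is usually called forward-confirmed reverse DNS. The example below is added here to show why a PTR that points at a CNAME fails a name-for-name comparison even though the address round-trips; it is not smtpd's code and not the poster's, and it is not a claim about how smtpd is actually implemented. The resolver is a constructed in-memory table transcribed from the nslookup output in the post (plus a constructed CNAME loop under the reserved `example` domain and the documentation address 192.0.2.1 to exercise the failure path), so it runs offline; the `strict_names` switch, the chain limit and all function names are my own. RFC 1912 (section 2.1) is the usual reference that PTR records should point at a name that has an A record rather than at a CNAME alias.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check.

Added illustration, not smtpd's own code.  All DNS data is a constructed
in-memory table built from the nslookup output quoted in the post, so the
script runs offline.  CNAME chains are followed with a loop/length guard.
"""

from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed zone data, transcribed from the nslookup output in the post.
PTR: Dict[str, str] = {
    "139.134.5.237": "teapot06.domain1.bigpond.com",
    "192.0.2.1": "loop-a.example",          # constructed: PTR into a CNAME loop
}
CNAME: Dict[str, str] = {
    "teapot06.domain1.bigpond.com": "teapot06.bigpond.com",
    "loop-a.example": "loop-b.example",     # constructed loop
    "loop-b.example": "loop-a.example",
}
A: Dict[str, List[str]] = {
    "teapot06.bigpond.com": ["139.134.5.237"],
}

MAX_CNAME_CHAIN = 8  # assumed cap; real resolvers also limit chain length


@dataclass
class FcrdnsResult:
    ok: bool
    reason: str
    ptr_name: Optional[str] = None
    canonical_name: Optional[str] = None
    forward_addrs: Tuple[str, ...] = ()


def reverse_lookup(ip: str) -> Optional[str]:
    """PTR lookup against the constructed table (None if no record)."""
    return PTR.get(ip.strip())


def forward_lookup(name: str) -> Tuple[str, List[str]]:
    """Resolve name to (canonical_name, addresses), following CNAMEs.

    Raises ValueError on a CNAME loop or a chain longer than MAX_CNAME_CHAIN.
    """
    seen = set()
    cur = name.rstrip(".").lower()
    while cur in CNAME:
        if cur in seen or len(seen) >= MAX_CNAME_CHAIN:
            raise ValueError(f"CNAME loop or chain too long at {cur}")
        seen.add(cur)
        cur = CNAME[cur].rstrip(".").lower()
    return cur, A.get(cur, [])


def fcrdns_check(ip: str, claimed_name: str, strict_names: bool) -> FcrdnsResult:
    """Check that ip's PTR name forward-resolves back to ip.

    strict_names=True  : additionally require the forward-resolved canonical
                         name to equal the PTR name, so a PTR that points at
                         a CNAME alias is rejected (the case in the post).
    strict_names=False : accept as long as the PTR name resolves, through any
                         CNAME chain, to an address set that contains ip.
    The claimed (HELO) name is compared case-insensitively to the PTR name.
    """
    ptr_name = reverse_lookup(ip)
    if ptr_name is None:
        return FcrdnsResult(False, "no PTR record")
    if claimed_name.rstrip(".").lower() != ptr_name.lower():
        return FcrdnsResult(False, "claimed name differs from PTR name", ptr_name)
    try:
        canonical, addrs = forward_lookup(ptr_name)
    except ValueError as exc:
        return FcrdnsResult(False, str(exc), ptr_name)
    if ip not in addrs:
        return FcrdnsResult(False, "PTR name does not resolve back to ip",
                            ptr_name, canonical, tuple(addrs))
    if strict_names and canonical != ptr_name.lower():
        return FcrdnsResult(False, "PTR points to a CNAME alias",
                            ptr_name, canonical, tuple(addrs))
    return FcrdnsResult(True, "ok", ptr_name, canonical, tuple(addrs))


if __name__ == "__main__":
    for strict in (True, False):
        r = fcrdns_check("139.134.5.237", "teapot06.domain1.bigpond.com", strict)
        print(f"strict_names={strict}: ok={r.ok} ({r.reason}), "
              f"ptr={r.ptr_name}, canonical={r.canonical_name}")
```

Run as-is, the address-based check passes for 139.134.5.237 (the PTR name still resolves, via the CNAME, to the same address) while the strict name comparison fails with "PTR points to a CNAME alias". That is the difference between "is the host lying about its address" and "do the PTR and A records agree name-for-name"; a mailer that applies the second test will reject every bigpond host set up this way, which matches what the post reports.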