On Thu, Aug 06, 1998 at 10:42:43AM -0400, Peter Radcliffe wrote:
> Philip Hazel <ph10@???> probably said:
> > The problem is that reverse lookups don't always work. Maybe Exim should
> > try both methods? And while we are on the subject, I have now and again
> > wondered whether, having done a reverse lookup, Exim should in any case
> > do a forward lookup for confirmation?
>
> I'm with tcp wrappers on this one - forward and reverse should match
> if you are using DNS for any type of authentication.
>
> Many people will have circumstances where this isn't feasable, however,
> so I'd say an option to turn on the extra DNS checking for the paranoid
> amoung us would be nice.
Same here. Ideally, I'd love something that can either:
A. do nothing
B. log a mismatch
C. reject a mismatch.
David
--
David Shaw | dshaw@??? | WWW http://www.cs.jhu.edu/~dshaw/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
--
*** Exim information can be found at
http://www.exim.org/ ***
