[ On Tuesday, September 18, 2001 at 13:02:26 (-0400), Dave C. wrote: ]
> Subject: Re: [Exim] Trying to compare HELO data with actual host info in a filter...
>
> My main point was, that the number of cases where some (legitimate)
> mailer is misconfigured, or their rDNS is incorrect (or even
> nonexistent) is FAR more common than spam falling into this category.

Why do people keep mentioning rDNS? I didn't say anything about rDNS.
I do check the reverse DNS for all TCP connections to my hosts, and I do
reject all connections on all TCP services whenever there's a
discrepancy in the forward and reverse names. I do this with TCP
Wrappers "paranoid" flag, and with similar features in other software
(e.g. my own version of fingerd). Such discrepancies cannot be
distinguished from real-time DNS spoofing attacks and so are a possible
indication of an attack.

I.e. I don't require rDNS of my network clients, but I do require that
it be correct if it is present. There's nothing special about SMTP in
this case -- I treat all protocols equally and fairly.
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@???> <woods@???>
Planix, Inc. <woods@???>; Secrets of the Weird <woods@???>
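
The policy described in the message above (no reverse DNS is acceptable, but a reverse name that does not map back to the connecting address is rejected), as an added example that is not part of the original message and is not TCP Wrappers' own code. The function names, the injectable resolver parameters and the sample zone data are assumptions made for illustration.

```python
import ipaddress
import socket

def default_reverse(ip):
    """PTR lookup: primary name for ip, or None when no PTR record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def default_forward(name):
    """Forward lookup: set of address strings the name resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def check_client(ip, reverse=default_reverse, forward=default_forward):
    """Return (verdict, reason) for a connecting client address.

    accept: no PTR at all (rDNS is not required), or the PTR name
            resolves back to the connecting address.
    reject: a PTR exists but its name does not map back to the address.
            Assumption: a PTR name with no forward record at all is
            treated as a discrepancy too.
    """
    name = reverse(ip)
    if name is None:
        return ("accept", "no reverse DNS; not required")
    client = ipaddress.ip_address(ip)  # normalise before comparing
    addrs = {ipaddress.ip_address(a) for a in forward(name)}
    if client in addrs:
        return ("accept", f"{ip} -> {name} -> {ip} confirmed")
    found = sorted(str(a) for a in addrs) or "nothing"
    return ("reject", f"{ip} -> {name} -> {found}: mismatch")

# Constructed zone data using documentation address ranges, not real hosts.
SAMPLE_PTR = {"192.0.2.10": "mail.example.org",   # consistent
              "192.0.2.66": "mail.example.org",   # PTR claims someone else's name
              "198.51.100.7": "gone.example.net"} # PTR name has no A record
SAMPLE_A = {"mail.example.org": {"192.0.2.10"}}

def demo():
    """Run the check over the constructed data with stub resolvers."""
    clients = ["192.0.2.10", "192.0.2.66", "198.51.100.7", "203.0.113.5"]
    fwd = lambda name: SAMPLE_A.get(name, set())
    return {ip: check_client(ip, SAMPLE_PTR.get, fwd)[0] for ip in clients}
```

Called with only an address, check_client uses the system resolver; demo() uses the stub data so it runs offline.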