Re: [Exim] Trying to compare HELO data with actual host info…

Author: Exim Users Mailing List
Date:  
To: Exim Users Mailing List
Subject: Re: [Exim] Trying to compare HELO data with actual host info in a filter...
[ On Tuesday, September 18, 2001 at 13:02:26 (-0400), Dave C. wrote: ]
> Subject: Re: [Exim] Trying to compare HELO data with actual host info in a filter...
>
> My main point was, that the number of cases where some (legitimate)
> mailer is misconfigured, or their rDNS is incorrect (or even
> nonexistent) is FAR more common than spam falling into this category.


Why do people keep mentioning rDNS? I didn't say anything about rDNS.

I do check the reverse DNS for all TCP connections to my hosts, and I do
reject all connections on all TCP services whenever there's a
discrepancy in the forward and reverse names. I do this with TCP
Wrappers "paranoid" flag, and with similar features in other software
(eg. my own version of fingerd). Such discrepancies cannot be
distinguished from real-time DNS spoofing attacks and so are a possible
indication of an attack.

I.e. I don't require rDNS of my network clients, but I do require that
it be correct if it is present. There's nothing special about SMTP in
this case -- I treat all protocols equally and fairly.

-- 
                            Greg A. Woods


+1 416 218-0098      VE3TCP      <gwoods@???>     <woods@???>
Planix, Inc. <woods@???>;   Secrets of the Weird <woods@???>
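
The policy described in the message above (a client with no rDNS is accepted, a client whose reverse name does not resolve back to its address is rejected), as an added Python example; it is not part of the original message and is not the TCP Wrappers implementation. The function names and the sample DNS data are constructed for illustration.

```python
import ipaddress
import socket

# Constructed DNS data (documentation address ranges) so the example runs offline.
SAMPLE_PTR = {"192.0.2.10": "mail.example.org",   # consistent forward/reverse
              "192.0.2.66": "mail.example.org",   # PTR claims a name it does not own
              "2001:db8::1": "v6.example.org"}
SAMPLE_A = {"mail.example.org": {"192.0.2.10"},
            "v6.example.org": {"2001:0db8:0000:0000:0000:0000:0000:0001"}}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip)

def sample_forward(name):
    return SAMPLE_A.get(name, set())

def system_ptr(ip):
    """PTR lookup through the system resolver; None when no name exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def system_forward(name):
    """A/AAAA lookup through the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def check_client(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (accept, reason) for the address of a connecting client."""
    client = ipaddress.ip_address(ip)
    name = ptr_lookup(ip)
    if not name:
        # rDNS is not required, only required to be correct when present.
        return True, "no rDNS present"
    forward = set()
    for addr in forward_lookup(name):
        try:
            # Compare parsed addresses, not strings (IPv6 has many spellings).
            forward.add(ipaddress.ip_address(addr.split("%")[0]))
        except ValueError:
            continue
    if client in forward:
        return True, "rDNS %s confirmed" % name
    # The reverse name does not map back to the peer address: reject.
    return False, "rDNS %s does not resolve back to %s" % (name, ip)
```

Calling check_client(ip) with the default arguments uses the system resolver instead of the constructed tables.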