Re: [Exim] double check DNS

Top Page
Delete this message
Reply to this message
Author: Nigel Metheringham
Date:  
To: Rolando Riley
CC: exim-users
Subject: Re: [Exim] double check DNS
On Mon, 2001-11-19 at 14:07, Rolando Riley wrote:
>     Is Exim capable to do double checking of DNS? That is can it check that
> both part of the email resolve?
>     i.e.    rriley@???
>     It would check mydomain.com

>
>     mydomain.com
>     168.77.14.2

>
>     And after that also would check backwards

>
>     168.77.14.2
>     name.mydomain.com


This makes *no* sense whatsoever.

Think of this
    fred@???


fred is a customer of bigass ISP, so
    vanity.domain MX 0 smtp-in.bigass.net


    smtp-in.bigass.net    A 192.168.32.1
                A 192.168.32.2


You receive mail from fred, who is quite normally using his ISP's
outgoing mail server, so you see a connection from 192.168.33.1, which
reverse maps to smtp-out-1.bigass.net

The checks you suggest will drop this mail, they will also stop you
receiving mail from large ISPs that virtual host many thousands of
domains on mail servers, and people legimately relaying off the ISP they
are connected to currently but receiving mail at another address etc.

If you do this you will receive mail at random - *lots* just won't work.

IMHO reverse DNS has no place whatsoever in mail handling. If you use
it as a policy then trying to match up reverse DNS to sender domain is
doomed to total failure, requiring a match between HELO fqdn and IP has
a better justification, but is totally useless for real policy control.

    Nigel.



-- 
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]
[ - Comments in this message are my own and not ITO opinion/policy - ]