Re: [Exim] double check DNS

Author: Dave C.
Date:  
To: Matthew Byng-Maddick
CC: exim-users
Subject: Re: [Exim] double check DNS
On Mon, 19 Nov 2001, Matthew Byng-Maddick wrote:

> On Mon, Nov 19, 2001 at 02:39:42PM +0000, Nigel Metheringham wrote:
> > IMHO reverse DNS has no place whatsoever in mail handling. If you use
>
> I'd like to see that a mail server sending me mail has a valid reverse
> lookup (as this helps with abuse reports, often), by which I mean, one
> that will forward lookup to one or many IPs one of which is the IP that
> you did the reverse lookup on.
>
> > it as a policy then trying to match up reverse DNS to sender domain is
>
> Yes. For the reasons you explained.
>
> > doomed to total failure, requiring a match between HELO fqdn and IP has
> > a better justification, but is totally useless for real policy control.
>
> That isn't necessarily a reverse lookup. It is better to try and do a
> lookup of the IP address of the machine that has just said HELO, and see
> if that corresponds to the machine that is connecting. This stops all
> those received lines in spams of:


MANY, MANY legitimate hosts on the internet are not configured to give a
HELO string that matches any hostname that corresponds to any IP
address.

The best thing to do about bogus HELO strings is to make sure that your
Received headers always indicate the real IP address of the remote
connection, and clearly distinguish between a hostname derived from
reverse lookup (if any), and the string given as an argument to HELO.

The default received header inserted by modern versions of exim does a
pretty good job of this.

There is nothing you can do about Received: headers that were inserted
in the message prior to your receiving it.

>
>   Received: from spammer_1234@??? ([2.5.1.3] helo=yahoo.com) by
>      ...

>
> by stopping that happening in the first place.
>
> MBM
>
>


--
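
Added example, not part of the message above and not Exim's own code: a sketch of the double check discussed in this thread (reverse lookup confirmed by a forward lookup) and of a "from" clause that keeps the connection IP, the verified name and the HELO argument distinct. The DNS tables, addresses and function names are constructed for illustration.

```python
# Added illustration. DNS data is constructed (RFC 5737 addresses), not real.
PTR = {  # reverse zone: IP -> PTR names
    "192.0.2.10": ["mail.example.org"],
    "192.0.2.66": ["yahoo.example"],  # PTR name that does not map back
}
A = {  # forward zone: name -> addresses
    "mail.example.org": ["192.0.2.10", "192.0.2.11"],
    "yahoo.example": ["198.51.100.7"],
}

def verified_host(ip, ptr=PTR.get, fwd=A.get):
    """Double check: a PTR name counts only if its forward lookup includes ip."""
    for name in ptr(ip) or []:
        name = name.rstrip(".").lower()
        if ip in (fwd(name) or []):
            return name
    return None

def helo_matches(ip, helo, fwd=A.get):
    """True if HELO is the address literal or a name that resolves to ip."""
    helo = helo.strip().rstrip(".").lower()
    return helo == f"[{ip}]" or ip in (fwd(helo) or [])

def from_clause(ip, helo, ptr=PTR.get, fwd=A.get):
    """Record connection IP, verified name and HELO as separate items."""
    # HELO is sender-controlled: drop whitespace, control characters and
    # parentheses so it cannot fake extra header structure.
    safe = "".join(c for c in helo if c.isprintable() and c not in "() ")
    host = verified_host(ip, ptr, fwd)
    if host:
        extra = "" if safe.rstrip(".").lower() == host else f" helo={safe}"
        return f"from {host} ([{ip}]{extra})"
    extra = "" if safe == f"[{ip}]" else f" (helo={safe})"
    return f"from [{ip}]{extra}"

if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.org"),
                     ("192.0.2.10", "localhost"),
                     ("192.0.2.66", "yahoo.example"),
                     ("192.0.2.99", "yahoo.com")]:
        print(from_clause(ip, helo), "| helo resolves to peer:", helo_matches(ip, helo))
```

The second case is a host with working reverse DNS but a HELO string that matches nothing: it is recorded, not rejected, and the header still shows which item came from where.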