Humm... should I understand that it is worthless to configure reverse on DNS
for Mail?
-----Mensaje original-----
De: Nigel Metheringham
[
mailto:Nigel.Metheringham@dev.intechnology.co.uk]
Enviado el: Monday, November 19, 2001 9:40 AM
Para: Rolando Riley
CC: exim-users@???
Asunto: Re: [Exim] double check DNS
On Mon, 2001-11-19 at 14:07, Rolando Riley wrote:
> Is Exim capable to do double checking of DNS? That is can it check that
> both part of the email resolve?
> i.e. rriley@???
> It would check mydomain.com
>
> mydomain.com
> 168.77.14.2
>
> And after that also would check backwards
>
> 168.77.14.2
> name.mydomain.com
This makes *no* sense whatsoever.
Think of this
fred@???
fred is a customer of bigass ISP, so
vanity.domain MX 0 smtp-in.bigass.net
smtp-in.bigass.net A 192.168.32.1
A 192.168.32.2
You receive mail from fred, who is quite normally using his ISP's
outgoing mail server, so you see a connection from 192.168.33.1, which
reverse maps to smtp-out-1.bigass.net
The checks you suggest will drop this mail, they will also stop you
receiving mail from large ISPs that virtual host many thousands of
domains on mail servers, and people legimately relaying off the ISP they
are connected to currently but receiving mail at another address etc.
If you do this you will receive mail at random - *lots* just won't work.
IMHO reverse DNS has no place whatsoever in mail handling. If you use
it as a policy then trying to match up reverse DNS to sender domain is
doomed to total failure, requiring a match between HELO fqdn and IP has
a better justification, but is totally useless for real policy control.
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]
[ - Comments in this message are my own and not ITO opinion/policy - ]