On Sun, 22 Sep 2002, James P. Roberts wrote:
> Leonardo Boselli:
> > The reverse lookup should be made then in this way: get the
> > declared address, then make a reverse lookup. if this leads to
> > another hostname do a direct lookup on this other name, if at least
> > for this reverse and forward correspond, it is all ok.
>
> I think that would be quite reasonable.
>
> How about simply doing a forward lookup on the hostname
> declared at EHLO, and verifying that the IP address of the
> associated DNS A record (a) exists, and (b) is the same as
> the machine actually trying to connect? Would that not be
> adequate? I have not yet been made to understand when
> a reverse lookup would buy anything, especially since so
> many large ISPs don't set up reverse DNS entries correctly.
You could have some confidence in a connection which passed this.
Without having tried it, I don't know about the connections which
would fail. Are they all from dial-ups which should be going
through their ISP's smarthost, or is this going to block
legitimate mail from broken hosts?
----
The one time I thought I wanted reverse-lookup info was for dial-ups
with a fixed name but dynamic address, but I now think that I want
them to go through their ISP's smarthost.
That would stop people (some who post here) from working around their
clueless ISPs, but they are probably in the DUL blocks anyway.
Once upon a time you could put more faith in the IP number than the
name, because you didn't have to worry about the deceitful, network
administrators were universally competent, and the weakest link was
insufficiently competent users setting up their own machines.
In that scenario, reverse lookup is worth the effort.
--
Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
A.C.Aitchison@??? http://www.dpmms.cam.ac.uk/~werdna
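
The two checks discussed in this thread, side by side, as an added example that is not part of the original messages: the forward lookup on the EHLO name, and a forward-confirmed reverse lookup on the connecting address (one reading of the quoted proposal). The function names and the DNS tables are hypothetical and constructed for illustration; the lookups are in-memory dictionaries so the comparison runs offline.

```python
import ipaddress

# Constructed DNS data on documentation ranges; not real hosts.
A_RECORDS = {
    "mail.example.org": ["192.0.2.10"],
    "mx.isp.example": ["198.51.100.7"],
    "dialup.example.net": ["203.0.113.50"],  # fixed name, stale dynamic address
}
PTR_RECORDS = {
    "192.0.2.10": ["mail.example.org."],
    "203.0.113.99": ["pool-99.dyn.example.net."],  # PTR target has no A record
    # 198.51.100.7: the ISP never set up a PTR record
}

def lookup_a(name):
    """Return the A records for a name (case-insensitive, trailing dot ignored)."""
    return A_RECORDS.get(name.rstrip(".").lower(), [])

def lookup_ptr(ip):
    """Return the PTR names for an address, or an empty list if none exist."""
    return PTR_RECORDS.get(str(ipaddress.ip_address(ip)), [])

def _matches(addresses, peer_ip):
    peer = ipaddress.ip_address(peer_ip)
    return any(ipaddress.ip_address(a) == peer for a in addresses)

def helo_forward_ok(helo_name, peer_ip, a=lookup_a):
    """A record for the EHLO name (a) exists and (b) equals the connecting address."""
    return _matches(a(helo_name), peer_ip)

def fcrdns_ok(peer_ip, ptr=lookup_ptr, a=lookup_a):
    """Reverse lookup, then a forward lookup on each PTR name must lead back to the peer."""
    return any(_matches(a(name), peer_ip) for name in ptr(peer_ip))

def check(helo_name, peer_ip):
    """Return (EHLO forward check, forward-confirmed reverse check)."""
    return helo_forward_ok(helo_name, peer_ip), fcrdns_ok(peer_ip)

if __name__ == "__main__":
    for helo, ip in [("mail.example.org", "192.0.2.10"),
                     ("mx.isp.example", "198.51.100.7"),
                     ("dialup.example.net", "203.0.113.99"),
                     ("mail.example.org", "198.51.100.7")]:
        print(helo, ip, check(helo, ip))
```

The second case is the one raised in the quoted question: a host whose EHLO name resolves correctly passes the forward check even though its ISP publishes no reverse DNS.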