At 17:23 +0530 2003/03/30, Suresh Ramasubramanian wrote:
>Nico Erfurth <masta@???> wrote:
>> But heuristic checks (helo-name has to match hostname) aren't an
>> option. Checks for the usual faked helo-names are ok
>
>I don't advocate that. HELO name, for certain widely forged domains, has to
>come from an IP which has rDNS of that domain is all. HELO foo.yahoo.com
>can come from any IP with rDNS in yahoo.com (bar,baz,whatever).
>
> srs
>
All fine, except that the rDNS is the least reliable of all. For
instance ebay.com, that has got an rDNS to emailebay.com:

    Received: from camppool10.emailebay.com ([216.33.244.109]
        helo=camp10.sjc.ebay.com)

and they are clueless enough to fail even the direct lookup:

    Non-authoritative answer:
    Name: camp10.sjc.ebay.com
    Address: 10.112.159.60

That makes two violations of the RFC: HELO name not pointing to the server
and private address in public DNS.
Giuliano
--
H U M P H
|| |||
software
Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/
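
The check discussed in this message, as an added example that is not part of the original post or of any MTA's code: the HELO-versus-rDNS rule for widely forged domains, plus the two forward-lookup problems pointed out for the eBay host. The function name, the finding labels and the `PROTECTED_DOMAINS` list are assumptions; DNS answers are passed in by the caller so the logic runs offline.

```python
import ipaddress

# Assumption: which domains count as "widely forged" is local policy.
PROTECTED_DOMAINS = ("yahoo.com", "ebay.com")


def in_domain(host, domain):
    """True if host is the domain itself or a name under it (label boundary)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def check_helo(helo, peer_ip, ptr_names, helo_addrs):
    """Return findings for one SMTP connection.

    ptr_names  -- PTR names for peer_ip (reverse lookup)
    helo_addrs -- A records for the HELO name (forward lookup), [] if not done
    """
    findings = []
    # Rule from the quoted text: a HELO in a protected domain must come
    # from an IP whose rDNS is somewhere in that same domain.
    protected = next((d for d in PROTECTED_DOMAINS if in_domain(helo, d)), None)
    if protected and not any(in_domain(p, protected) for p in ptr_names):
        findings.append("helo-domain-not-in-rdns")
    # The two problems raised in the reply, seen on the forward lookup.
    if helo_addrs and peer_ip not in helo_addrs:
        findings.append("helo-does-not-resolve-to-peer")
    if any(ipaddress.ip_address(a).is_private for a in helo_addrs):
        findings.append("private-address-in-public-dns")
    return findings


# Values taken from the Received: header and lookup quoted in the message.
EBAY = ("camp10.sjc.ebay.com", "216.33.244.109",
        ["camppool10.emailebay.com"], ["10.112.159.60"])
# Constructed samples (documentation address, made-up host names).
YAHOO_OK = ("foo.yahoo.com", "192.0.2.10", ["bar.yahoo.com"], [])
YAHOO_FORGED = ("mail.yahoo.com", "192.0.2.10", ["host.example.net"], [])

if __name__ == "__main__":
    for name, sample in (("ebay", EBAY), ("yahoo ok", YAHOO_OK),
                         ("yahoo forged", YAHOO_FORGED)):
        print(name, check_helo(*sample))
```

The genuine eBay connection trips the rDNS rule because `emailebay.com` is not a name under `ebay.com`, so a filter applying it strictly would reject that mail alongside the forged Yahoo HELO.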