Re: [Exim] HELO acl

Author: Giuliano Gavazzi
Date:  
To: Suresh Ramasubramanian, Nico Erfurth
CC: exim-users
Subject: Re: [Exim] HELO acl
At 17:23 +0530 2003/03/30, Suresh Ramasubramanian wrote:
>Nico Erfurth <masta@???> wrote:
>> But heuristic checks (helo-name has to match hostname) aren't an
>> option. Checks for the usual faked helo-names are ok
>
>I don't advocate that. HELO name, for certain widely forged domains, has to
>come from an IP which has rDNS of that domain is all. HELO foo.yahoo.com
>can come from any IP with rDNS in yahoo.com (bar,baz,whatever).
>
>     srs

All fine, except that the rDNS is the least reliable of all. For
instance ebay.com, that has got an rDNS to emailebay.com:

Received: from camppool10.emailebay.com ([216.33.244.109]
helo=camp10.sjc.ebay.com)

and they are clueless enough to fail even the direct lookup:

Non-authoritative answer:
Name:    camp10.sjc.ebay.com
Address:  10.112.159.60


That makes two violations of the RFC: helo name not pointing to server
and private address in public DNS.

Giuliano
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/
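
The checks discussed in this thread, as an added example that is not part of the original message: it applies the quoted rDNS rule and the reply's two forward-lookup observations to DNS answers supplied by the caller. The function names, finding labels and the `FORGED_DOMAINS` list are assumptions; the eBay values are the ones quoted in the message, and the yahoo.com sample is constructed.

```python
import ipaddress

# Assumption: illustrative list of "widely forged" HELO domains.
FORGED_DOMAINS = ("yahoo.com", "ebay.com")
# RFC 1918 private ranges, which should not appear in public DNS.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_domain(name, domain):
    """True if name is the domain or a subdomain of it. Matching on the
    label boundary keeps emailebay.com from counting as ebay.com."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def check_helo(helo, client_ip, ptr_names, forward_addrs):
    """Evaluate a HELO name against DNS data the caller already looked up.

    ptr_names: PTR results for client_ip; forward_addrs: A results for helo.
    Returns a list of findings; an empty list means nothing was flagged.
    """
    findings = []
    ip = ipaddress.ip_address(client_ip)
    # Rule from the quoted message: a HELO in a widely forged domain must
    # come from an IP whose rDNS is in that same domain.
    for domain in FORGED_DOMAINS:
        if in_domain(helo, domain) and not any(
                in_domain(p, domain) for p in ptr_names):
            findings.append("rdns-outside-" + domain)
    # Observations from the reply: direct lookup of the HELO name.
    addrs = [ipaddress.ip_address(a) for a in forward_addrs]
    if ip not in addrs:
        findings.append("helo-does-not-resolve-to-client")
    if any(a in net for a in addrs for net in RFC1918):
        findings.append("private-address-in-public-dns")
    return findings

if __name__ == "__main__":
    # Values quoted in the message above.
    print(check_helo("camp10.sjc.ebay.com", "216.33.244.109",
                     ["camppool10.emailebay.com"], ["10.112.159.60"]))
    # Constructed sample: HELO and rDNS both in yahoo.com, lookup matches.
    print(check_helo("foo.yahoo.com", "192.0.2.10",
                     ["bar.yahoo.com"], ["192.0.2.10"]))
```
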