On 25 Jun 2003, Andrew - Supernews wrote:
> Suppose I (ill-advisedly) have *.supernews.net in my relay_hosts list
> (I don't, this is just an example). badguy.net (who also controls
> rDNS for 1.2.3.*) sets up records:
Bad guys controlling rDNS zones are, thankfully, a (hopefully small)
subset of all the bad guys, but yes, I take your point.
> the workaround, of course, is to specify relay hosts only by IP.
Indeed. Or at least by non-wildcarded host names.
> The correct algorithm for rDNS lookup verification is this:
>
> for each hostname or alias name returned from the address lookup:
>     perform forward lookup on the name
>     if at least one IP in the forward lookup matches the connecting IP
>         then accept the name
>         else ignore it completely (delete it from the known aliases)
Noted. Thanks.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
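
The verification algorithm quoted above, as an added example that is not part of the original message and is not Exim's code. The PTR and FORWARD tables are constructed sample data, the function names are hypothetical, and fnmatch stands in for the relay_hosts wildcard matching.

```python
import fnmatch
import ipaddress

# Constructed DNS data: whoever controls rDNS for 1.2.3.* can publish any
# PTR name, but cannot change the forward records of supernews.net.
PTR = {
    "1.2.3.4": ["trusted.supernews.net", "mail.badguy.net"],
    "192.0.2.10": ["relay1.supernews.net"],
    "198.51.100.7": ["ghost.supernews.net"],   # name with no forward record
}
FORWARD = {
    "trusted.supernews.net": ["192.0.2.99"],   # does not point at 1.2.3.4
    "mail.badguy.net": ["1.2.3.4"],
    "relay1.supernews.net": ["192.0.2.10"],
}

def table_reverse(ip):
    return PTR.get(ip, [])

def table_forward(name):
    return FORWARD[name]  # KeyError (a LookupError) models a failed lookup

def verified_names(ip, reverse_lookup, forward_lookup):
    """Keep only rDNS names whose forward lookup includes the connecting IP."""
    client = ipaddress.ip_address(ip)
    accepted = []
    for name in reverse_lookup(ip):
        name = name.rstrip(".").lower()
        try:
            addrs = {ipaddress.ip_address(a) for a in forward_lookup(name)}
        except (LookupError, ValueError):
            continue  # failed or malformed forward lookup: ignore the name
        if client in addrs:
            accepted.append(name)
        # otherwise the name is dropped and never reaches pattern matching
    return accepted

def relay_allowed(ip, patterns, reverse_lookup, forward_lookup):
    """Match host-name patterns against verified names only."""
    names = verified_names(ip, reverse_lookup, forward_lookup)
    return any(fnmatch.fnmatchcase(n, p.lower()) for n in names for p in patterns)

if __name__ == "__main__":
    for ip in PTR:
        print(ip, verified_names(ip, table_reverse, table_forward),
              relay_allowed(ip, ["*.supernews.net"], table_reverse, table_forward))
```

To run it against live DNS, pass resolver-backed callables in place of table_reverse and table_forward; a forward lookup that fails must raise or return an empty list so the name is dropped.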