Re: [Exim] multiple PTR and HELO check

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Andrew - Supernews
CC: exim-users
Subject: Re: [Exim] multiple PTR and HELO check
On 25 Jun 2003, Andrew - Supernews wrote:

> Suppose I (ill-advisedly) have *.supernews.net in my relay_hosts list
> (I don't, this is just an example). badguy.net (who also controls
> rDNS for 1.2.3.*) sets up records:


Bad guys controlling rDNS zones are, thankfully, a (hopefully small)
subset of all the bad guys, but yes, I take your point.

> the workaround, of course, is to specify relay hosts only by IP.


Indeed. Or at least by non-wildcarded host names.

> The correct algorithm for rDNS lookup verification is this:
>
> for each hostname or alias name returned from the address lookup:
> perform forward lookup on the name
> if at least one IP in the forward lookup matches the connecting IP
> then accept the name
> else ignore it completely (delete it from the known aliases)


Noted. Thanks.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book