Re: Now well off-topic - was Re: [Exim] how to configure HEL…

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Exim Users Mailing List
Data:  
Para: James P. Roberts
CC: Exim Users Mailing List
Assunto: Re: Now well off-topic - was Re: [Exim] how to configure HELO/EHLO and DNS for multi-homed hosts
[ On Tuesday, July 1, 2003 at 14:24:00 (-0400), James P. Roberts wrote: ]
> Subject: Re: Now well off-topic - was Re: [Exim] how to configure HELO/EHLO and DNS for multi-homed hosts
>
> > > OK, now you've lost me, Greg. I suspect there is something in
> > > what you said here that might explain the root of the disagreement.
> > > I just don't know what it is, yet.
> >
> > The reason the Reverse DNS can sometimes be used as a quite reliable way
>
> "sometimes" and "quite reliable" constitute an oxymoron. ;)


The only problem lies in the fact that there's no obvious or defined way
to know when it's safe to use the Reverse DNS to authenticate hostname
addresses. It's not a small problem, to be sure, but it's also usually
safe to ignore because other clues will usually give evidence as to when
these details need to be examined more closely by a sufficiently
experienced and responsible human.

> I don't disagree with you about the security aspects; however, I do continue
> to disagree with your belief that I have any "control" over my reverse DNS
> (direct or indirect). I do not, and it is my ISP's fault, and I do not have
> sufficient leverage over them to make them change, nor do I have any feasible
> alternative ISP available. THAT's the point you seem to be missing. Sadly, I
> am obviously not alone in this condition. It is an object lesson in the evils
> of monopolies.


I'm not missing anything. You are! :-) You are missing some sufficient
control over your Reverse DNS. The fact that folks like you are willing
to settle for this situation is what makes the monoply possible and
allows them to dictate the terms of your service to you. If you were to
co-operate with enough of your fellow customers then there's any manner
of possible fixes to this problem, including but not limited to the
possiblity of getting your own ARIN allocation and thus your own
IN-ADDR.ARPA delegation.

I certainly don't envy your position, but equally I can't condone it
either. People create the situations they must live with.

BTW, a quick search of the /24 your mailer lives in reveals that your
ISP is capable of, and does manage to, delegate PTRs to at least one of
their customers:

176.159.105.64.in-addr.arpa     CNAME   h-64-105-159-176.graves.com
177.159.105.64.in-addr.arpa     CNAME   h-64-105-159-177.graves.com
178.159.105.64.in-addr.arpa     CNAME   h-64-105-159-178.graves.com
179.159.105.64.in-addr.arpa     CNAME   h-64-105-159-179.graves.com
180.159.105.64.in-addr.arpa     CNAME   h-64-105-159-180.graves.com
181.159.105.64.in-addr.arpa     CNAME   h-64-105-159-181.graves.com
182.159.105.64.in-addr.arpa     CNAME   h-64-105-159-182.graves.com
183.159.105.64.in-addr.arpa     CNAME   h-64-105-159-183.graves.com



Perhaps you just haven't talked to the right people yet, or pushed the
right buttons yet. Perhaps the person responsible for graves.com can
give you some pointers and help you out.

--
                                Greg A. Woods


+1 416 218-0098;            <g.a.woods@???>;           <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>