Author: James P. Roberts Date: To: exim-users Subject: Re: [Exim] HELO & multiple domains
----- Original Message -----
From: "Tim Jackson" <lists@???>
To: "exim-users" <exim-users@???>
Sent: Sunday, November 23, 2003 4:57 PM
Subject: Re: [Exim] HELO & multiple domains
> Hi jzaw, on Sun, 23 Nov 2003 17:46:47 +0000 you wrote:
>
> > > helo_data = ${lookup{${lc:$sender_address_domain}}lsearch \
> > > {/etc/mail/domains/helo}{$value}{$primary_hostname}}
> > that looks v cool and I think I'll add something similar to mine (I'm
> > also a relative newbie)
>
> Whilst that idea is potentially useful, can I just add a note of caution
> here that making up random HELO names that "sound good" is not a
> particularly good idea as a general rule - it is supposed to be meaningful
> so (as someone said) you should definitely have at least an A record for
> any HELO names you are giving, and if at all possible it would be good to
> have consistent reverse DNS. (I am sure Greg W will be pleased to put it
> in stronger words than that :)
>
> (Being pragmatic, I doubt you'll find many people enforcing consistent
> forward and reverse DNS but still, I think over time most people are
> gradually enforcing various standards with increasing strictness, purely
> to try to stop spam, so if for no other reason it would probably be a good
> idea to adopt "best practice" so you don't end up looking like a spammer
> to someone).
>
> If only for your own sanity, I would limit the number of "identities" to
> the bare minimum, because otherwise you are going to have to keep the DNS
> in sync for each "identity", which is likely to be a real PITA with any
> significant number of "identities" and is going to be an ever-growing and
> thankless task that ultimately doesn't really add any functional benefit
> (although I can fully appreciate the reasons behind it).
>
> > but the rdns will surely still turn up the numeric ip and that will in
> > turn turn up a potentially different domain name such as my generic
> > dsl-217-155-x-x.zen.co.uk
>
> Of course - however much you fiddle with HELOs, you are not going to be
> able to change the fact that someone can see your IP and do an rDNS on it.
> If this is a problem (e.g. due to "unprofessional" rDNS - and I know the
> problem, I've tried in the past to beat BT around the head to get any kind
> of controllable rDNS on a business ADSL line before with no success), you
> could look into getting a provider that gives you controllable rDNS.
> Although I haven't used them personally, I know for a fact that at least
> PlusNet in the UK do this (at least for business ADSL) and have heard good
> things about them. Needless to say, you'd also expect controllable rDNS
> with anything "above" ADSL i.e. leased lines, colocated machines,
> whatever.
>
> Assuming you had controllable rDNS, there are two possible solutions to
> the problem of people doing reverse DNS on a machine which is
> "masquerading" with different identities: you could have multiple PTR
> records for it, although since only one of them will typically get used in
> things like header lines, this may not help with the aesthetic aspect, or
> if you have multiple IPs at your disposal (which the original poster
> didn't, unfortunately) you could have multiple interfaces on the machine
> and use different IPs for different purposes each with its own unique
> forward and reverse DNS (this would probably be the best, and simplest way
> of achieving the "multiple identities" desired).
>
>
> Tim
>
To which I would add, you can make a single ethernet card think it is multiple
IPs on the same network. (e.g. eth0:0 = x.x.x.1, eth0:1 = x.x.x.2, etc.) I
do this, for example, to distinguish my server traffic from NAT-ed LAN
traffic.
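
Added example, not part of the original thread: a Python sketch that audits the `/etc/mail/domains/helo` lsearch file used by the quoted `helo_data` setting, checking each HELO name for the A record and consistent reverse DNS recommended above. The function names, the simplified lsearch parsing (one entry per line, no continuation lines or quoted keys) and the sample data are assumptions; the resolver functions are injectable so the check can be run against constructed data.

```python
import re
import socket

def parse_lsearch(text):
    """Parse simple lsearch lines ('key: value' or 'key value'); skip comments."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"([^\s:#]+)\s*:?\s*(.*)$", line.strip())
        if m:
            table[m.group(1).lower()] = m.group(2).strip()
    return table

def system_forward(name):  # address lookup via the system resolver
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def system_reverse(ip):  # PTR lookup via the system resolver
    try:
        return socket.gethostbyaddr(ip)[0].lower().rstrip(".")
    except (socket.herror, socket.gaierror):
        return None

def check_helo(name, ip, forward=system_forward, reverse=system_reverse):
    """Return the DNS problems for one HELO name announced from sending address ip."""
    problems = []
    addrs = forward(name)
    if not addrs:
        problems.append("no A record")
    elif ip not in addrs:
        problems.append("A record does not include the sending IP")
    ptr = reverse(ip)
    if ptr is None:
        problems.append("no PTR for the sending IP")
    elif ptr != name.lower():
        problems.append(f"PTR is {ptr}, not {name}")
    return problems

def audit(text, ip, **resolvers):
    """Map each sender domain to (HELO name, list of problems)."""
    return {dom: (helo, check_helo(helo, ip, **resolvers))
            for dom, helo in parse_lsearch(text).items()}

# Constructed sample data (documentation names and addresses, not from the thread).
SAMPLE_FILE = "# domain: HELO\nexample.com: mail.example.com\nexample.org  mx.example.org\nexample.net: vanity.example.net\n"
SAMPLE_A = {"mail.example.com": {"192.0.2.10"}, "mx.example.org": {"192.0.2.10"}}
SAMPLE_PTR = {"192.0.2.10": "mail.example.com"}
def demo():
    return audit(SAMPLE_FILE, "192.0.2.10", forward=lambda n: SAMPLE_A.get(n, set()),
                 reverse=lambda ip: SAMPLE_PTR.get(ip))
```

With one sending IP and one PTR, only the identity that matches the PTR comes back clean, which is the limitation described in the quoted reply.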