RE: [Exim] AOL - SPF - and EXIM

Author: Edgar Lovecraft
Date:  
To: 'Exim User's Mailing List'
Subject: RE: [Exim] AOL - SPF - and EXIM
David Brodbeck wrote:
>
> The thing is, I don't really see the point of the reverse DNS check. It
> doesn't accomplish anything. Someone claimed earlier that it's a form
> of server authentication, but it isn't really, because whoever controls
> reverse DNS for that IP can stick whatever they want in there. Looking
> up the A record tells you a lot more.


The PTR check accomplishes a whole lot, especially when combined with a
check against the A record that is returned by the reverse lookup. The
A record really does not tell you much more than the PTR record, IF you
are only looking at one or the other and not both at the same time.

> For example, if I get a connection from a server that says 'HELO
> mail.whitehouse.gov', and I do a reverse lookup on its IP and find
> 'mail.whitehouse.gov', all that tells me is that the person who does
> rDNS for that netblock set that value. It's almost as easy to fake as
> an identd lookup, and those are widely regarded as useless these days.
> But if I look up the A record for mail.whitehouse.gov and find the IP
> matches the server connecting to me, I have a pretty good idea that
> someone at whitehouse.gov was involved.


No, you only think someone at whitehouse.gov was involved.

How about this:

connection from: 1.2.3.4
PTR lookup of 1.2.3.4 = test.domain.com
A lookup of test.domain.com = 1.2.3.4

Now we have a really good bet that when the client at 1.2.3.4 says
HELO test.domain.com, it really is test.domain.com. This tells us that
not only has 'domain.com' been involved, but so has the party that
has authority over the IP space they are connecting from.

If you do not 'verify' the HELO information by this kind of 'three way'
checking, then the HELO information is useless, especially when you
only check one or the other.

The 'authentication' (used here loosely) of the connecting client can
only come when all three pieces match, not just two.

Does that clarify why a proper DNS PTR record is important?

--

--EAL--
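The three-way check described in the message above (client IP -> PTR -> A record -> same client IP, then HELO compared against the forward-confirmed name), written out as an added example. This is not Exim's code and not the poster's; it also implements the two one-sided checks from the quoted text (HELO against the PTR alone, and HELO's A record against the IP alone) so the difference can be seen side by side. All DNS data is constructed and hypothetical: 1.2.3.4 / test.domain.com are the post's figures, while 203.0.113.9, 198.51.100.25, 9.9.9.9 and lonely.example.org are made up for the example. The lookups are passed in as callables so the script runs offline; in production you would back them with socket.gethostbyaddr / socket.getaddrinfo or dnspython.

```python
"""Forward-confirmed reverse DNS ("three-way") check of an SMTP client.

Added example; not Exim's code and not the original poster's. DNS lookups
are injected as callables so the script runs offline against the constructed
records below (swap in real resolver calls for production use).
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed, hypothetical DNS data for the example (not real records).
PTR_RECORDS: Dict[str, List[str]] = {
    "1.2.3.4": ["test.domain.com"],           # PTR -> A -> same IP: consistent
    "203.0.113.9": ["mail.whitehouse.gov"],   # PTR chosen by whoever runs rDNS for the netblock
    "9.9.9.9": [],                            # no PTR at all
}
A_RECORDS: Dict[str, List[str]] = {
    "test.domain.com": ["1.2.3.4"],
    "mail.whitehouse.gov": ["198.51.100.25"],  # the real host lives elsewhere
    "lonely.example.org": ["9.9.9.9"],         # forward record only, no PTR
}

Lookup = Callable[[str], List[str]]


def ptr_lookup(ip: str) -> List[str]:
    """Stand-in for a PTR query against the constructed records."""
    return list(PTR_RECORDS.get(ip, []))


def a_lookup(name: str) -> List[str]:
    """Stand-in for an A query against the constructed records."""
    return list(A_RECORDS.get(name, []))


def _norm_name(name: str) -> str:
    # DNS names are case-insensitive; strip a trailing root dot.
    return name.rstrip(".").lower()


def _norm_ip(ip: str) -> str:
    # Canonical textual form; raises ValueError on anything that is not an IP literal.
    return str(ipaddress.ip_address(ip))


@dataclass
class Verdict:
    ok: bool
    reason: str
    confirmed_names: Tuple[str, ...] = ()


def ptr_only_check(client_ip: str, helo: str, ptr: Lookup = ptr_lookup) -> bool:
    """HELO compared with the PTR alone: passes if whoever controls rDNS says so."""
    return _norm_name(helo) in {_norm_name(n) for n in ptr(_norm_ip(client_ip))}


def a_only_check(client_ip: str, helo: str, a: Lookup = a_lookup) -> bool:
    """HELO's A record compared with the client IP alone: passes with no PTR at all."""
    ip = _norm_ip(client_ip)
    return ip in {_norm_ip(x) for x in a(_norm_name(helo))}


def three_way_check(client_ip: str, helo: str,
                    ptr: Lookup = ptr_lookup, a: Lookup = a_lookup) -> Verdict:
    """IP -> PTR -> A -> same IP, then HELO must be one of the confirmed names."""
    ip = _norm_ip(client_ip)
    names = [_norm_name(n) for n in ptr(ip)]
    if not names:
        return Verdict(False, "no PTR record for client IP")
    # Keep only PTR names whose A records point back at the connecting IP.
    confirmed = tuple(n for n in names if ip in {_norm_ip(x) for x in a(n)})
    if not confirmed:
        return Verdict(False, "PTR name(s) do not resolve back to the client IP", tuple(names))
    if _norm_name(helo) not in confirmed:
        return Verdict(False, "HELO name is not a forward-confirmed name for this IP", confirmed)
    return Verdict(True, "client IP, PTR and A record all agree with HELO", confirmed)


if __name__ == "__main__":
    cases = [("1.2.3.4", "test.domain.com"),
             ("203.0.113.9", "mail.whitehouse.gov"),
             ("9.9.9.9", "lonely.example.org")]
    for ip, helo in cases:
        v = three_way_check(ip, helo)
        print(f"{ip:>12} HELO {helo:<22} ptr-only={ptr_only_check(ip, helo)!s:<5} "
              f"a-only={a_only_check(ip, helo)!s:<5} three-way={v.ok} ({v.reason})")
```

Run it and the second row shows the case the quoted text worried about: a PTR that says mail.whitehouse.gov passes the PTR-only check, but the forward A record does not come back to 203.0.113.9, so the three-way check fails. The third row shows the opposite weakness: an A record that matches the IP passes the A-only check even though the address has no PTR at all.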