Author: Wakko Warner
Date:
To: Richard Clayton
CC: exim-users
Subject: Re: [exim] problems with host authentication (no IP address found for host ...)
Richard Clayton wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In message <C225AB32CFB47940B20D6D32955D9FFC03E37996@???
> .systemhost.net>, martin.dm.hull@??? writes
>
> >Previously, exim3 took the IP address of sending host, did a reverse
> >lookup to get a host name and looked for a match in a file. If the
> >customer domain was example.com, there would be 2 lines in the file for
> >example.com and *.example.com. This worked well.
>
> ITYM, no-one attacked this scheme, so you were happy with it. Now you've
> published the details you may not be happy for much longer :(
>
> If I own 128.232.15/24 then I can ensure that the reverse DNS for
> 128.232.15.208 is "richard.example.com" without ever discussing this
> with the good folks at Example Inc
>
> You will then authorise 128.232.15.208 to send email through your
> systems under the false belief that Example Inc is responsible :( This
> will do nothing for your reputation and connectivity :(

IIRC, exim only accepts the name from rDNS if the DNS of that name matches the IP.

So if 128.232.15.208 resolves to richard.example.com, but richard.example.com doesn't exist, then exim won't accept the name richard.example.com.

The only way I know to get the name from rDNS w/o checking forward DNS is to use the dnsdb lookup.

--
Lab tests show that use of micro$oft causes cancer in lab animals
Got Gas???
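
The check described in the reply above (accept the rDNS name only when that name resolves back to the connecting IP), shown next to the PTR-only match from the quoted message. This is an added example, not part of the original thread and not Exim's code; the DNS tables, the address 192.0.2.25, the host mail.example.com and all function names are constructed for illustration.

```python
# Added example: forward-confirmed reverse DNS (FCrDNS) host-name check.
# Not Exim's code; DNS is modelled by two constructed tables so it runs offline.
from fnmatch import fnmatchcase

# Constructed sample data. The PTR zone is controlled by the owner of the
# address block; the forward zone is controlled by the owner of the domain.
PTR = {
    "128.232.15.208": ["richard.example.com"],   # PTR set by the block owner
    "192.0.2.25": ["mail.example.com"],          # genuine customer host
}
FORWARD = {
    "mail.example.com": ["192.0.2.25"],          # published by Example Inc
    # no record for richard.example.com: Example Inc never created it
}
ALLOWED = ["example.com", "*.example.com"]       # the two lines per customer


def name_allowed(name, patterns=ALLOWED):
    """Match a host name against the per-customer patterns, case-insensitively."""
    name = name.rstrip(".").lower()
    return any(fnmatchcase(name, p.lower()) for p in patterns)


def rdns_only(ip, ptr=PTR):
    """Names taken from the PTR record alone (the unverified scheme)."""
    return [n for n in ptr.get(ip, []) if name_allowed(n)]


def fcrdns(ip, ptr=PTR, forward=FORWARD):
    """Names from PTR that also resolve forward to the connecting IP."""
    confirmed = []
    for name in ptr.get(ip, []):
        addrs = forward.get(name.rstrip(".").lower(), [])
        if ip in addrs and name_allowed(name):
            confirmed.append(name)
    return confirmed


def authorised(ip, verify_forward=True):
    """Relay decision: True if any acceptable name is found for the IP."""
    names = fcrdns(ip) if verify_forward else rdns_only(ip)
    return bool(names)


if __name__ == "__main__":
    for ip in PTR:
        print(ip, "rDNS only:", authorised(ip, False), "FCrDNS:", authorised(ip))
```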