In message <20060225132945.GA13782@???>, Wakko Warner
<wakko@???> writes
>Richard Clayton wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> In message <C225AB32CFB47940B20D6D32955D9FFC03E37996@???
>> .systemhost.net>, martin.dm.hull@??? writes
>>
>> >Previously, exim3 took the IP address of sending host, did a reverse
>> >lookup to get a host name and looked for a match in a file. If the
>> >customer domain was example.com, there would be 2 lines in the file for
>> >example.com and *.example.com. This worked well.
>>
>> ITYM, no-one attacked this scheme, so you were happy with it. Now you've
>> published the details you may not be happy for much longer :(
>>
>> If I own 128.232.15/24 then I can ensure that the reverse DNS for
>> 128.232.15.208 is "richard.example.com" without ever discussing this
>> with the good folks at Example Inc
>>
>> You will then authorise 128.232.15.208 to send email through your
>> systems under the false belief that Example Inc is responsible :( This
>> will do nothing for your reputation and connectivity :(
>
>IIRC, exim only accepts the name from rDNS if the DNS of that name matches
>the IP.
that's precisely what the original poster was complaining about :(
I was explaining the reasoning behind the change since exim3 ... and why
one would not wish to try and "fix it"
- --
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755