On Sun, 2007-01-07 at 22:16 +0100, Heiko Schlittermann wrote:
> in my ACL there I've a rule
>
> deny hosts = *.kolido.net
>
> But exim accepts connections from 91.184.48.154.
>
> If I check the DNS, I find that
> 91.184.48.154's PTR ms105.nl.kolido.net
> though
> ms105.nl.kolido.net A 193.239.6.105
>
> So the PTR does not fit to the A record.
> >>> processing "deny"
> >>> check hosts = *.kolido.net
> >>> sender host name required, to match against *.kolido.net
> >>> host in "*.kolido.net"? no (failed to find host name for 91.184.48.154)
> >>> deny: condition test failed
>
> If I understand the spec, (section 10.13), there is nothing mentioned
> about "double" checking the PTR:
if it didn't double-check, it would be a massive security hole.
_anyone_ can set up a PTR to point to your domain name. sure, it's not
a problem for "deny", but many people use this for "accept", too.
--
Kjetil T.
