Re: [exim] hosts = *.kolido.net not matched, even the PTR ex…

Top Page
Delete this message
Reply to this message
Author: exim-users
Date:  
To: Heiko Schlittermann
CC: exim-users
Subject: Re: [exim] hosts = *.kolido.net not matched, even the PTR exists?
On Sun, 2007-01-07 at 22:16 +0100, Heiko Schlittermann wrote:
> in my ACL there I've a rule
>
>     deny    hosts = *.kolido.net

>
> But exim accepts connections from 91.184.48.154.
>
> If I check the DNS, I find that
>     91.184.48.154's PTR ms105.nl.kolido.net
> though
>     ms105.nl.kolido.net A 193.239.6.105

>
> So the PTR does not fit to the A record.


>     >>> processing "deny"
>     >>> check hosts = *.kolido.net
>     >>> sender host name required, to match against *.kolido.net
>     >>> host in "*.kolido.net"? no (failed to find host name for 91.184.48.154)
>     >>> deny: condition test failed

>
> If I understand the spec, (section 10.13), there is nothing mentioned
> about "double" checking the PTR:


if it didn't double-check, it would be a massive security hole.
_anyone_ can set up a PTR to point to your domain name. sure, it's not
a problem for "deny", but many people use this for "accept", too.

--
Kjetil T.