Re: [exim] verify = helo, PTR record lookup

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MThomas Jacob at <-
MThomas Jacob at ->
Delete this message
Reply to this message
Author: Marc Sherman
Date:  
To: exim-users
Subject: Re: [exim] verify = helo, PTR record lookup
Thomas Jacob wrote:
>
> C) the $sender_host_address can be reverse-resolved to the HELO string
> (PTR record lookup)
>
> A, B work as intended, but C somehow does not (at least not if the PTR
> record resolves to a name that has no A/CNAME entry itself, or the name
> does but points to a different IP)

That is, by definition, broken reverse DNS. If it didn't do the
double-check (look up the PTR record, then look up resulting host name
and make sure it points to the same IP), then anyone could spoof mail
supposedly coming from your site just by setting their PTR to point to
your domain name.

The fact that verify=helo fails here is a feature.

> Also, as I can see from the code, if verify=helo runs into
> temporary DNS problems, it fails rather than creates a
> defer, unlike most other DNS related checkers in Exim,
> could somebody confirm this please?

That, if true, would be a bug, I'd think. I don't actually use
verify=helo, so I can't say if I've ever seen it do that in production.

- Marc



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] verify = helo, PTR record lookupRe: [exim] verify = helo, PTR record lookup->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)