Re: [exim] verify = helo, PTR record lookup

Author: Marc Sherman
Date:  
To: exim-users
Subject: Re: [exim] verify = helo, PTR record lookup
Thomas Jacob wrote:
>
> "matches the host name that Exim obtains by doing a reverse lookup of
> the calling host address"
>
> so basically "a reverse lookup" has to be read as
> "reverse lookup/lookup-again using Exim's host_lookup technique"? Hmm.


Yes. That's the meaning of "reverse lookup" everywhere it appears in the
exim docs. I'm not sure if that's explicitly spelled out anywhere -- if
not, perhaps it should be. Phillip?

> I realise that technically speaking C) doesn't conform to
> RFC 2821, but there seems to be a relevant number of legitimate
> MTAs out there that send mail using an IP with a reverse lookupable
> PTR record that points to their HELO string, which in turn points to
> something stupid.
>
> And HELO-strings are worthless for IDing the true origin of
> an email anyway, but the PTR records of the IPs of
> compromised systems cannot easily be manipulated by spammers,
> but of course, they could simply do a PTR lookup of
> the spam zombie host and use that as a HELO string.


That's an argument against rejecting on verify=helo, not an argument
against relaxing the current reverse lookup behaviour.

In general, rejecting on verify=helo is a bad idea for many more reasons
than just incorrect reverse lookups.

- Marc
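
Added example, not part of the original message and not Exim's code: a small model of the two readings of "reverse lookup" discussed in this thread, a bare PTR match versus a PTR name that is confirmed by looking the name up again. The DNS tables, host names and addresses are constructed (documentation ranges), and the function names are hypothetical.

```python
# Constructed DNS data using documentation address ranges; no real lookups are made.
PTR = {
    "192.0.2.10": ["mail.good.example."],
    "192.0.2.20": ["mx.sloppy.example"],        # PTR exists ...
    "192.0.2.30": ["dyn-30.pool.isp.example"],  # generic ISP-assigned name
}
A = {
    "mail.good.example": ["192.0.2.10"],
    "mx.sloppy.example": ["198.51.100.7"],      # ... but the name resolves elsewhere
    "dyn-30.pool.isp.example": ["192.0.2.30"],
}


def norm(name):
    """Compare DNS names case-insensitively and without a trailing dot."""
    return name.rstrip(".").lower()


def ptr_names(ip):
    """Bare reverse lookup: whatever the PTR records for ip say."""
    return [norm(n) for n in PTR.get(ip, [])]


def confirmed_names(ip):
    """Reverse lookup plus lookup-again: keep only PTR names that resolve back to ip."""
    return [n for n in ptr_names(ip) if ip in A.get(n, [])]


def classify_helo(ip, helo):
    """Say which reading of 'reverse lookup' the HELO name satisfies for this client."""
    helo = norm(helo)
    if helo in confirmed_names(ip):
        return "confirmed"   # matches under the lookup-again reading
    if helo in ptr_names(ip):
        return "ptr-only"    # matches the PTR, but the name points somewhere else
    return "no-match"


if __name__ == "__main__":
    for ip, helo in [
        ("192.0.2.10", "MAIL.good.example"),
        ("192.0.2.20", "mx.sloppy.example"),
        ("192.0.2.30", "dyn-30.pool.isp.example"),
        ("192.0.2.10", "other.example"),
    ]:
        print(ip, helo, classify_helo(ip, helo))
```

The second sample is the case raised in the quoted text (PTR matches the HELO string, but the name does not resolve back), and the third shows that a host announcing its own consistent PTR name passes either reading.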