Author: Marc Sherman
Date:
To: exim-users
Subject: Re: [exim] verify = helo, PTR record lookup

Thomas Jacob wrote:
>
> "matches the host name that Exim obtains by doing a reverse lookup of
> the calling host address"
>
> so basically "a reverse lookup" has to be read as
> "reverse lookup/lookup-again using Exim's host_lookup technique"? Hmm.

Yes. That's the meaning of "reverse lookup" everywhere it appears in the
exim docs. I'm not sure if that's explicitly spelled out anywhere -- if
not, perhaps it should be. Phillip?

> I realise that technically speaking C) doesn't conform to
> RFC 2821, but there seems to be a relevant number of legitimate
> MTAs out there that send mail using an IP with a reverse lookupable
> PTR record, that points to their HELO string, which in turn points to
> something stupid.
>
> And HELO-strings are worthless for IDing the true origin of
> an email anyway, but the PTR records of the IPs of
> compromised systems cannot easily be manipulated by spammers,
> but of course, they could simply do a PTR lookup of
> the spam zombie host and use that as a HELO string.

That's an argument against rejecting on verify=helo, not an argument
against relaxing the current reverse lookup behaviour.

In general, rejecting on verify=helo is a bad idea for many more reasons
than just incorrect reverse lookups.
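
Added example (not part of the original message, and not Exim's code): a simplified Python model of the rule quoted in this thread, where "reverse lookup" means a PTR lookup followed by a confirming forward lookup. The DNS data, addresses and function names are constructed for illustration.

```python
# Simplified model of the matching rule discussed in this thread.
# All DNS data below is constructed (documentation address ranges).

# ip -> PTR names
PTR = {
    "192.0.2.10": ["mail.good.example"],
    "192.0.2.20": ["mx.sloppy.example"],        # PTR equals the HELO string ...
    "192.0.2.40": ["host-40.dsl.isp.example"],  # ordinary end-user address
}
# name -> A records
A = {
    "mail.good.example": ["192.0.2.10"],
    "mx.sloppy.example": ["198.51.100.99"],     # ... but the name points elsewhere
    "host-40.dsl.isp.example": ["192.0.2.40"],
}

def norm(name):
    """Compare host names case-insensitively, ignoring a trailing dot."""
    return name.lower().rstrip(".")

def reverse_lookup(ip, confirm=True):
    """Names for ip: PTR lookup, then (if confirm) keep only the names
    whose forward lookup leads back to ip."""
    names = [norm(n) for n in PTR.get(ip, [])]
    if confirm:
        names = [n for n in names if ip in A.get(n, [])]
    return names

def helo_matches(ip, helo, confirm=True):
    """True if the HELO name equals a host name obtained for the caller."""
    return norm(helo) in reverse_lookup(ip, confirm)

if __name__ == "__main__":
    cases = [
        ("192.0.2.10", "mail.good.example"),        # consistent PTR and A
        ("192.0.2.20", "mx.sloppy.example"),        # the "C)" case from the thread
        ("192.0.2.40", "host-40.dsl.isp.example"),  # HELO copied from the PTR
        ("192.0.2.99", "mail.good.example"),        # no PTR record at all
    ]
    for ip, helo in cases:
        print(f"{ip:12} {helo:26} confirmed={helo_matches(ip, helo)!s:5} "
              f"ptr_only={helo_matches(ip, helo, confirm=False)}")
```

The second case fails only because of the forward confirmation, and the third passes even though the name says nothing about who is sending, which is the situation both posters describe.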