Autor: Marc Perkel Data: A: Richard Clayton CC: exim users Assumpte: Re: [exim] Automatic Whitelist Generation - Why wouldn't this work?
Richard Clayton wrote:
>> If you do a reverse lookup and then check to see if the name resolves to
>> the IP that you looked up you can tell it's fake.
>>
>
> Yes, only the domain owner will be able to add particular IP addresses to
> their records (if you assume DNS is secure, which could be unwise)
>
> BUT you'll get false positives as well because in the real world, things
> are never always quite so tidy :( and forward and reverse don't always
> match even when nothing specifically wicked is happening.
>
> ObExim: see "verify = reverse_host_lookup" for a way of testing for this
> in an ACL -- so you can reject perfectly good email for purist reasons :)
>
>
Remember - this is about determining who gets white listed, not
rejected. If they have an innocent rdns error then they don't get while
listed.