Re: [exim] Automatic Whitelist Generation - Why wouldn't thi…

Top Page
Delete this message
Reply to this message
Author: Marc Perkel
Date:  
To: Richard Clayton
CC: exim users
Subject: Re: [exim] Automatic Whitelist Generation - Why wouldn't this work?


Richard Clayton wrote:



>> If you do a reverse lookup and then check to see if the name resolves to
>> the IP that you looked up you can tell it's fake.
>>
>
> Yes, only the domain owner will be able to add particular IP addresses to
> their records (if you assume DNS is secure, which could be unwise)
>
> BUT you'll get false positives as well because in the real world, things
> are never always quite so tidy :( and forward and reverse don't always
> match even when nothing specifically wicked is happening.
>
> ObExim: see "verify = reverse_host_lookup" for a way of testing for this
> in an ACL -- so you can reject perfectly good email for purist reasons :)
>
>


Remember - this is about determining who gets white listed, not
rejected. If they have an innocent rdns error then they don't get while
listed.