On 06/11/2010 05:48 PM, Stan Hoeppner wrote:
> Wietse Venema put forth on 6/11/2010 9:21 AM:
>> Stan Hoeppner:
>>> Does Postfix consider "architettobellucci.com" an FQDN?  I've always
>>> understood an FQDN as requiring all 3 of host.domain.tld.  If my understanding
>>> of FQDN is correct, then a spam slipped through that I believe should have
>>> been rejected by reject_non_fqdn_helo_hostname.  What have I configured
>>> incorrectly that allowed this spam through?
>>
>> Postfix's reject_non_fqdn_mumble features were intended to stop
>> hosts that announce themselves by their netbios name (e.g., HELO
>> OEMCOMPUTER).
>>
>> Postfix does not know where the registration boundaries are (.com
>> and .org versus .co.uk and .ac.jp). Thus it uses the simplistic
>> "does the name contain at least one dot".  This is by no means
>> bullet-proof with hosts (or domains) at the top level.
>
> Thanks Wietse.  For some reason I'd always assumed it was a little more
> sophisticated than that.  But as you point out, and upon reflection, it seems
> it'd be pretty difficult to code this level of sophistication into the fqdn
> checking.

As per DNS, any valid domain construct is, by definition, a valid hostname.
So foo.com is just as fully-qualified as bar.baz.sub.foo.com - just a whole lot shorter. For this simple reason, it is not possible to determine whether a hostname is fully-qualified by its appearance alone.

A more complete check is to use reject_unknown_helo_hostname - this verifies whether such a hostname actually *exists* in DNS, thus also fulfilling the non-fqdn-check's premise of testing for a fqdn (a DNS A record is, by definition, a fqdn.)

However, it costs a little more, of course - it has to do the lookup.

J.
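
The difference between the two checks discussed in this thread, as an added example that is not part of the original messages and is not Postfix source code: a simplified model of the "at least one dot" test next to an existence lookup. The function names, the sample HELO strings and the stand-in DNS zone are constructed for illustration.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def looks_fqdn(helo):
    """Syntactic test as described in the thread: valid labels, at least one dot."""
    name = helo[:-1] if helo.endswith(".") else helo
    labels = name.split(".")
    return len(labels) >= 2 and all(_LABEL.fullmatch(label) for label in labels)


def classify(helo, exists_in_dns):
    """Name the restriction that would reject this HELO, or 'accepted'."""
    if not looks_fqdn(helo):
        return "reject_non_fqdn_helo_hostname"
    if not exists_in_dns(helo):
        return "reject_unknown_helo_hostname"
    return "accepted"


# Constructed stand-in for DNS so the example runs offline. Which names
# "resolve" here is an assumption made for the example, not a real lookup.
CONSTRUCTED_ZONE = {"architettobellucci.com", "mail.example.org"}


def fake_dns(name):
    return name.rstrip(".").lower() in CONSTRUCTED_ZONE


# Constructed sample HELO names.
SAMPLE_HELOS = [
    "OEMCOMPUTER",              # netbios-style name, no dot
    "architettobellucci.com",   # two labels: passes the dot test
    "mail.example.org",         # three labels: passes the dot test
    "made-up.example.invalid",  # looks qualified, absent from the zone
]


def run():
    return {helo: classify(helo, fake_dns) for helo in SAMPLE_HELOS}


if __name__ == "__main__":
    for helo, verdict in run().items():
        print(f"{helo:26} {verdict}")
```

The last sample is the case the syntactic check cannot catch: it has dots and valid labels, so only the lookup rejects it.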
