Hello exim-users@exim.org,
From the docs of the verify = helo operation
it appears that this check succeeds if
A) the HELO string is an IP literal that matches $sender_host_address
[127.0.0.1]
OR
B) the HELO string is a name that can be resolved to the
$sender_host_address
OR
C) the
Thomas Jacob wrote:
C) the $sender_host_address can be reverse-resolved to the HELO string
(PTR record lookup)
A, B work as intended, but C somehow does not (at least not if the PTR
record resolves to a name that has no A/CNAME entry itself, or the name
does but points to a different IP)
On Tue, 2007-06-12 at 10:30 -0400, Marc Sherman wrote:
That is, by definition, broken reverse DNS. If it didn't do the
double-check (look up the PTR record, then look up resulting host name
and make sure it points to the same IP), then anyone could spoof mail
supposedly coming from your
Thomas Jacob wrote:
matches the host name that Exim obtains by doing a reverse lookup of
the calling host address
so basically a reverse lookup has to be read as
reverse lookup/lookup-again using Exim's host_lookup technique? Hmm.
Yes. That's the meaning of reverse lookup everywhere it
Marc Sherman wrote:
Thomas Jacob wrote:
matches the host name that Exim obtains by doing a reverse lookup of
the calling host address
so basically a reverse lookup has to be read as
reverse lookup/lookup-again using Exim's host_lookup technique? Hmm.
Yes. That's the meaning of reverse
I realise that technically speaking C) doesn't conform to
RFC 2821, but there seems to be a relevant number of legitimate
MTAs out there that send mail using an IP with a reverse lookupable
PTR record that points to their HELO string, which in turn points to
something stupid.
Marc Sherman wrote:
FYI, the requirement that the PTR and A records must match is in RFC
1912, section 2.1, paragraph 2.
Well, if I summarize RFC
RFC1912 section 2.1, paragraph 2
Also,
PTR records must point back to a valid A record, not a alias defined
by a CNAME.
RFC2821
Renaud Allard wrote:
That means if a mail server has a PTR of
123.123.123.123.dynamic.example.net, that
123.123.123.123.dynamic.example.net resolves to its IP, and server
HELOes with www.google.com. The remote mail server MUST NOT reject the
message based on this info.
Can someone cancel
On 12 Jun 2007, at 17:15, Thomas Jacob wrote:
I use it to exempt MTAs with a valid helo string from some other
processing, and for that a check helo str=simple reverse lookup
would be a nice thing to have.
Is there perhaps a way to achieve this using other Exim features?
with Exim you can do
On Tue, 12 Jun 2007 11:13:07 -0400, Marc Sherman wrote:
FYI, the requirement that the PTR and A records must match is in RFC
1912, section 2.1, paragraph 2.
RFC1912 is informational only, there is no requirement.
That said, a lot of spam comes from hosts without proper
On Tue, 12 Jun 2007, Renaud Allard wrote:
Well, if I summarize RFC
RFC1912 section 2.1, paragraph 2
Also,
PTR records must point back to a valid A record, not a alias defined
by a CNAME.
RFC2821 section 3.6
The domain name given in the EHLO command MUST BE either a primary