On Tue, 24 Nov 2015, Reindl Harald wrote:
> i would suggest when the Received header for the *first* untrusted hop
Just so we're clear on first vs. last: the host that submitted the mail to the most-remote MTA whose headers you trust.
> don't contain a reverse dns information *and only then* do that lookup directly in SA if network tests are enabled
This seems to me a reasonable approach. There's no need to check RDNS on hops prior to the final untrusted hop (chronologically speaking).
--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174    pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 To be civilized is to restrain the ability to commit mayhem.
 To be incapable of committing mayhem is not the mark of the civilized,
 merely the domesticated. -- Trefor Thomas
-----------------------------------------------------------------------
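
The check discussed in this message, sketched as an added example (not part of the original mail and not SpamAssassin's own code): find the host that submitted the mail to the most-remote trusted MTA, and request a reverse DNS lookup only when that one Received header carries no rDNS and network tests are enabled. It assumes Postfix-style Received headers; the function names, the trusted range and the sample headers are constructed for illustration, and the function returns the decision instead of performing the DNS query.

```python
import ipaddress
import re

# Postfix-style "from HELO (RDNS [IP])"; RDNS is "unknown" or absent when no PTR was found.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]\)")

def parse_hop(header):
    """Return (client_ip, rdns_or_None) recorded in one Received header, or None."""
    m = HOP_RE.search(header)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None
    rdns = m.group("rdns")
    return ip, (None if rdns in (None, "unknown") else rdns)

def boundary_hop(headers, trusted_nets):
    """Headers are newest first. Walk down while the connecting client is trusted;
    the first untrusted client was recorded by the most-remote trusted MTA."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    for header in headers:
        hop = parse_hop(header)
        if hop is None:
            return None          # unparseable: nothing from here down is reliable
        if not any(hop[0] in net for net in nets):
            return hop           # older headers are sender-controlled, never read
    return None                  # every hop was internal

def rdns_action(headers, trusted_nets, network_tests=True):
    """Decide what to do about reverse DNS for the boundary hop only."""
    hop = boundary_hop(headers, trusted_nets)
    if hop is None:
        return ("none", None)
    ip, rdns = hop
    if rdns:
        return ("use-header", rdns)      # the trusted MTA already resolved it
    return ("lookup" if network_tests else "skip", str(ip))

# Constructed sample, newest header first; 10.0.0.0/8 is the assumed trusted range.
TRUSTED = ["10.0.0.0/8"]
SAMPLE = [
    "from relay.internal.example (relay.internal.example [10.0.0.5]) by mx.internal.example (Postfix)",
    "from mail.sender.example (unknown [203.0.113.7]) by relay.internal.example (Postfix)",
    "from workstation (pc.sender.example [198.51.100.9]) by mail.sender.example (Postfix)",
]

if __name__ == "__main__":
    print(rdns_action(SAMPLE, TRUSTED))
```

The third sample header does carry an rDNS name, but it was written by an untrusted host and is never consulted.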