On Sun, Jul 17, 2011 at 11:36:49PM +0200, Patrick Lists wrote:
> On 07/17/2011 11:24 PM, Always Learning wrote:
> > *almost* correct. In Linux, like Unix and the pre-Microsoft days,
> > uppercase letters have a different numerical value to lowercase letters.
> >
> > Uppercase 'COM' is definitely not the same as lowercase 'com'.
>
> Please correct me if I am wrong but afaik upper-/lowercase does not
> matter in DNS. Also, I am not aware of e.g. Postfix actually rejecting
> (with reject_unknown_client_hostname) a FQDN with capitals when a FQDN
> in lowercase was expected.
Postfix HELO verification simply does the relevant DNS lookups; if they
succeed then the HELO is OK.
Postfix IP verification does the IP rDNS lookup, then a forward lookup
of the result; if the result set includes the original IP then it
succeeds.
Case doesn't matter unless the underlying DNS libraries somehow break
on case. Which they shouldn't :-)
In the example given earlier:
HELO / EHLO: smtpe1.intersmtp.com
HELO IP: 62.239.224.89
MX IP: 62.239.224.234
MX DNS A record: smtp61.intersmtp.com
The HELO name successfully resolves to 62.239.224.89, so passes.
Now the source IP address isn't given but if it was 62.239.224.89 then
postfix would have done
62.239.224.89 -> smtpe1.intersmtp.COM.
and then
smtpe1.intersmtp.COM. -> 62.239.224.89
Since the final IP address matches the source IP address then the connecting
IP address check would also have passed.
You'll note the MX IP and A records aren't actually involved, in this
case!
After 5+ years of running these checks myself, I finally got fed up with
all the stupid companies who had broken DNS (including banks and ISPs
and Fortune 500 companies - my "white list" made 99 entries!) that
I eventually turned it off and just use the Zen RBL. It lets through
spam that the stricter checks would reject, but it's good enough.
--
rgds
Stephen
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
