Re: postfix - reject of incoming mail due to helo check??

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Fri, Feb 3, 2012 at 7:01 AM, Stephen Harris <lists@xxxxxxxxxx> wrote:
>
>> many "false" positives. There is no definitive RFC requirement that the
>> mapping has to match.
>
> But it's a standard security feature (on Solaris NFS server it was
> added around 1996, I think).  Without the match I could set my servers
> IP address to be "mail.google.com".  No one should believe me unless
> a forward lookup matches.  It is commonly considered "broken" for rDNS
> to return a value that doesn't match forward DNS.

If you say something is "broken", you should quote the RFC with the
MUST requirement that it breaks.  I don't think there is one for this.
 The forward and reverse naming control is delegated 2 different ways
and may not be under the same person's control.   It is also
relatively common to have multi-homed hosts with the same name for
multiple interfaces, or connections that go through NAT where the host
doesn't even know what source address will appear on its connections.

-- 
  Les Mikesell
     lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux