OT: Seeking opinion about reverse-DNS lookups on SMTP HELO
Aleksandar Milivojevic
amilivojevic at pbl.ca
Tue Dec 14 15:11:04 UTC 2004
HaJo Schatz wrote:
> To combat spam I have enabled reverse-DNS lookups of incoming SMTP
> connections. If the FQDN does not match the HELO-Identity, I reject the
> connection with a 550 Error.
Bad idea, as you witnessed on your own skin. Checking the HELO argument
sounds tempting in theory, but gets you in trouble sooner or later if
you implement it in practice.
The relevant RFCs use the words domain and hostname in different places when
talking about the argument to the HELO command. They also say you *may* check
the argument, but you *should not* reject solely based on that check.
It was simply never meant to be used for strict checking. Don't use
things for what they were not intended to be used, or you'll be burned.
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
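
The difference between rejecting on a HELO mismatch and merely recording it, as an added example that is not part of the original post or any mail server's own code. It assumes the PTR names for the client IP have already been looked up; the function names, score weights and the `X-HELO-Check` header are hypothetical.

```python
import ipaddress

# Constructed weights: a mismatch only contributes to a spam score.
SCORES = {"match": 0, "address-literal": 0, "same-domain": 0,
          "no-ptr": 1, "mismatch": 2}

def classify_helo(helo, ptr_names):
    """Compare the HELO argument with the PTR names of the client IP."""
    helo = helo.strip().rstrip(".").lower()
    # Address literals such as [192.0.2.10] are a valid HELO argument.
    if helo.startswith("[") and helo.endswith("]"):
        literal = helo[1:-1]
        if literal.startswith("ipv6:"):
            literal = literal[5:]
        try:
            ipaddress.ip_address(literal)
            return "address-literal"
        except ValueError:
            return "mismatch"
    names = [n.rstrip(".").lower() for n in ptr_names]
    if not names:
        return "no-ptr"
    if helo in names:
        return "match"
    # Client announced its domain while the PTR holds the host name
    # (the domain/hostname ambiguity mentioned in the post).
    if any(n.endswith("." + helo) for n in names):
        return "same-domain"
    return "mismatch"

def strict_policy(helo, ptr_names):
    """The policy from the quoted message: 550 unless FQDN == HELO."""
    return 250 if classify_helo(helo, ptr_names) == "match" else 550

def advisory_policy(helo, ptr_names):
    """Check, record the result, and never reject on it alone."""
    verdict = classify_helo(helo, ptr_names)
    return 250, SCORES[verdict], f"X-HELO-Check: {verdict}"

if __name__ == "__main__":
    # Constructed sample connections: (HELO argument, PTR names of client IP)
    samples = [("mx1.example.com", ["mx1.example.com"]),
               ("example.com", ["mx1.example.com"]),
               ("[192.0.2.10]", []),
               ("mail", ["host-10.isp.example.net"])]
    for helo, ptrs in samples:
        print(helo, strict_policy(helo, ptrs), advisory_policy(helo, ptrs))
```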