On 2/25/06 7:19 AM, "Richard Clayton" <[EMAIL PROTECTED]> wrote:
>> IIRC, exim only accepts the name from rDNS if the DNS of that name matches >> the IP. > > that's precisely what the original poster was complaining about :( > > I was explaining the reasoning behind the change since exim3 ... and why > one would not wish to try and "fix it" It was by deliberate design, and it is unlikely to be "fixed" in an official Exim (speaking as one who will likely never define "official Exim" either before or after Philip retires). Without the check, someone who has control of the reverse lookup for w.x.y.z for any z can return any name he pleases, without the owner of the domain having any direct control. So reverse DNS without confirmation from what the domain owner DOES control is virtually meaningless. Here, we have elected to relax the requirement for the purpose of flagging "suspicious servers," accepting any result from reverse lookup as less suspicious than no result. We do that with a Python daemon which follows the rules we want to follow in the case of lookup failures, since Exim doesn't. Plus we still need a whitelist, which we keep in a small flat file called no_name_ok.txt, since there are real servers with sadly messed up name service (including many Washington state school districts, whose DNS is operated--not well--by the state). But Philip's rule is correct for producing a name which is somewhat trustable as meaning something. (Except for some problems being fixed with respect to how some servers return IPv6 results: even there, the rule is correct; the result ran afoul of some faulty servers.) --John -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
