Thomas Jacob wrote: > > C) the $sender_host_address can be reverse-resolved to the HELO string > (PTR record lookup) > > A, B work as intended, but C somehow does not (at least not if the PTR > record resolves to a name that has no A/CNAME entry itself, or the name > does but points to a different IP)
That is, by definition, broken reverse DNS. If it didn't do the double-check (look up the PTR record, then look up resulting host name and make sure it points to the same IP), then anyone could spoof mail supposedly coming from your site just by setting their PTR to point to your domain name. The fact that verify=helo fails here is a feature. > Also, as I can see from the code, if verify=helo runs into > temporary DNS problems, it fails rather than creates a > defer, unlike most other DNS related checkers in Exim, > could somebody confirm this please? That, if true, would be a bug, I'd think. I don't actually use verify=helo, so I can't say if I've ever seen it do that in production. - Marc -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
