On Thu, Dec 20, 2018 at 11:31:27AM +0100, Aham Brahmasmi wrote:
> Monsieur Gilles,
>
[...]
> > This will result in smtpd replacing the welcome banner with the message,
> > then dropping the client connection if they don't have a reverse DNS and
> > a matching forward DNS. You can apply the check at further phases if you
> > need to log more details, this is up to you.
>
> Thank you for the check-fcrdns filter. Would it be possible for you to
> please share your thoughts on the filter, specifically the checks that
> the filter performs.
>
> Given a client IP 29.3.20.19 trying to send email, which of these
> checks will the filter perform?
>
> i) Resolve 29.3.20.19 to the set of hostnames. If no hostname is
> returned, reject connection.
>
Yes, however it is not recommended to use multiple PTR records for an IP
address, and the behavior is unspecified by the RFC as far as I know. If
you specify multiple PTR records, things will not work as you want. This
is not an OpenSMTPD thing but a DNS thing.
Anyways, to answer your question:
OpenSMTPD will resolve 29.3.20.19 into _one_ hostname.
If none could be found, it will reject.
If one could be found, it will go to the next check.
> ii) Suppose 29.3.20.19 resolves to { brexit.eu, reunite.uk }. Next
> resolve the set of hostnames to a set of IP addresses. If no IP address
> is returned for any of the hostnames, reject connection.
Yes, except that it will do that for the one hostname it resolved.
> iii) Suppose some hostnames do resolve to a set of IP addresses. If
> 29.3.20.19 is not present in the set of IP addresses, reject connection.
>
Yes.
> In case I have understood this incorrectly, I apologize. I have based
> this flow on my understanding of the "reject_unknown_client_hostname"
> feature of Postfix [1].
>
Yes, they are alike.
--
Gilles Chehade @poolpOrg
https://www.poolp.org tip me: https://paypal.me/poolpOrg
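
The three checks discussed in this thread, as an added Python sketch (not part of the original mail and not OpenSMTPD's filter code). The function names, the returned detail strings and the sample records are assumptions made for this illustration; addresses are compared as parsed values so that differently written IPv6 forms still match.

```python
import ipaddress
import socket

def system_ptr(ip):
    """Reverse lookup: the one primary PTR name for ip, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(hostname):
    """Forward lookup: every A/AAAA address for hostname (empty set if none)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except OSError:
        return set()

def check_fcrdns(client_ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (accepted, detail) following steps i-iii of the thread."""
    client = ipaddress.ip_address(client_ip)
    hostname = ptr_lookup(client_ip)            # i) IP -> one hostname
    if not hostname:
        return False, "no reverse DNS"
    forward = set()
    for addr in forward_lookup(hostname):       # ii) hostname -> addresses
        try:
            forward.add(ipaddress.ip_address(addr))
        except ValueError:
            continue                            # ignore unparsable answers
    if not forward:
        return False, "no forward DNS for " + hostname
    if client not in forward:                   # iii) client IP must be in the set
        return False, "forward DNS of " + hostname + " does not match"
    return True, hostname

# Constructed records for an offline run (not real DNS data).
PTR = {"29.3.20.19": "brexit.eu", "203.0.113.7": "mail.example.net",
       "198.51.100.9": "gone.example.org"}
ADDR = {"brexit.eu": {"29.3.20.19"}, "mail.example.net": {"198.51.100.4"}}

def demo():
    """Run the check over the constructed records above."""
    ips = ["29.3.20.19", "203.0.113.7", "198.51.100.9", "192.0.2.1"]
    return {ip: check_fcrdns(ip, PTR.get, lambda h: ADDR.get(h, set())) for ip in ips}

if __name__ == "__main__":
    for ip, verdict in demo().items():
        print(ip, verdict)
```

Called with only an IP address, check_fcrdns uses the system resolver through the two default lookup functions.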