Benoit Tellier created JAMES-3706:
-------------------------------------
Summary: FCrDNS SMTP hook + audit of ValidSenderDomainHandler
Key: JAMES-3706
URL: https://issues.apache.org/jira/browse/JAMES-3706
Project: James Server
Issue Type: Improvement
Components: SMTPServer
Reporter: Benoit Tellier
I was reviewing the plugins available on Haraka to audit whether we missed
major areas in the plugin space (hopefully not that much, except that we are
globally not good at AntiSpam/AntiVirus)...
They have the Forward-confirmed reverse DNS
https://github.com/haraka/haraka-plugin-fcrdns plugin. The idea: you resolve
the EHLO domain, get an IP, perform the reverse DNS lookup and verify this
matches the original EHLO.
James does not have this kind of check pre-packaged, and it could easily be
implemented. Please note that this differs from the existing
ValidSenderDomainHandler, which only ensures the sender domain has an MX record
attached to it.
Speaking of which... There's a worrying TODO within the error handling code of
the DNS lookups, which is essentially ignored, allowing this check to be bypassed.
We likely should act!
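The check described in this issue, as an added Python sketch (not code from James or Haraka): it resolves the EHLO name, reverse-resolves each address, and keeps a failed lookup as its own verdict instead of letting it count as a pass. The resolver callables, the `Verdict` names and the zone data are assumptions constructed for the example.

```python
from enum import Enum

class Verdict(Enum):
    PASS = "pass"            # a PTR name of a resolved address equals the EHLO name
    FAIL = "fail"            # DNS answered, but nothing confirms the EHLO name
    TEMPERROR = "temperror"  # a lookup failed: result unknown, never a PASS

class DnsTemporaryError(Exception):
    """Timeout or SERVFAIL: the answer is unknown, unlike 'no such record'."""

def normalize(name):
    return name.rstrip(".").lower()

def check_fcrdns(ehlo, forward, reverse):
    """forward(name) -> [ip], reverse(ip) -> [name]; both return [] when no
    record exists and raise DnsTemporaryError when the lookup itself fails."""
    ehlo = normalize(ehlo)
    try:
        ips = forward(ehlo)
    except DnsTemporaryError:
        return Verdict.TEMPERROR
    unknown = False
    for ip in ips:
        try:
            names = reverse(ip)
        except DnsTemporaryError:
            unknown = True   # remember the error, another address may still confirm
            continue
        if ehlo in (normalize(n) for n in names):
            return Verdict.PASS
    return Verdict.TEMPERROR if unknown else Verdict.FAIL

# Constructed zone data using documentation names and addresses, not real records.
A = {"mx.example.org": ["192.0.2.10"], "spoof.example.net": ["198.51.100.7"],
     "flaky.example.com": ["203.0.113.5"]}
PTR = {"192.0.2.10": ["MX.example.org."], "198.51.100.7": ["host7.isp.example"]}

def stub_forward(name):
    return A.get(name, [])

def stub_reverse(ip):
    if ip == "203.0.113.5":          # simulate a resolver timeout for this address
        raise DnsTemporaryError(ip)
    return PTR.get(ip, [])

if __name__ == "__main__":
    for helo in ("mx.example.org", "spoof.example.net", "flaky.example.com"):
        print(helo, check_fcrdns(helo, stub_forward, stub_reverse).value)
```
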