On 10/11/01 at 16:53, Stefan Jeglinski wrote:
> header:
>
> >Received: from opt20.edirectnetwork.net ([198.139.238.246] verified)
>
> Using the same resolver as the SIMS box is pointed to, I see:
>
> <nslookup:opt20.edirectnetwork.net/A>
> Non-authoritative answer:
> opt20.edirectnetwork.net A 198.139.238.246
>
> <nslookup:246.238.139.198.in-addr.arpa/*>
> Non-authoritative answer:
> 246.238.139.198.in-addr.arpa PTR u-198-139-238-246.classichosting.net
>
> <nslookup:u-198-139-238-246.classichosting.net/A>
> Authoritative answer:
> Name Error - domain name referenced does not exist.
>
>
> I'm not concerned about the A and PTR not matching up or the A record
> not existing - these are pretty standard fare - but how does SIMS
> figure certain things out?
>
> I assume it starts with the HELO and looks up that domain name. If
> the HELO is "correct" and all is copasetic, it is "verified" and
> we're done.

As I understand it, you are correct, SIMS looks up the domain name given in
the HELO/EHLO. If it gets back an IP address that matches the IP that the
connection is from, then SIMS considers the HELO/EHLO argument to be
'verified.' If not, SIMS calls the HELO/EHLO 'unverified' and we're still
done.

> If the HELO is not "real," SIMS still has an IP with which to do a
> reverse lookup. Does it do this reverse lookup and try to resolve the
> matter further, or does it always just stop there and place the IP
> and HELO in the header?

IIRC, SIMS doesn't do any reverse look-ups. It only does the 'forward' look-up
as in your first example above. There's really not much point to it, since
there are a number of perfectly legitimate reasons why the PTR would not match
the HELO/EHLO (e.g., a given IP address can have any number of A and CNAME
records that resolve to it). You may note that SIMS does not use the HELO/EHLO
check as a reason to reject connections. It simply notes whether or not the IP
resolves to the domain. Just another small bit of information when tracking
down spammers and other problems.

Christopher Bort | [EMAIL PROTECTED]
Webmaster, Global Homes | [EMAIL PROTECTED]
<http://www.globalhomes.com/> | PGP public key available on request
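
The forward-only HELO/EHLO check described in the reply above, next to a PTR-based check for contrast, as an added example that is not part of the original message and is not SIMS code. The function names, the `mail.example.com` HELO and the wording of an 'unverified' header note are assumptions; the resolver tables are constructed from the nslookup output quoted in the thread so the code runs offline.

```python
import ipaddress
import socket

# Constructed resolver data mirroring the nslookup output quoted in the thread.
SAMPLE_A = {"opt20.edirectnetwork.net": ["198.139.238.246"]}
SAMPLE_PTR = {"198.139.238.246": "u-198-139-238-246.classichosting.net"}

def sample_a(name):
    """Offline A lookup over SAMPLE_A; a missing name raises like NXDOMAIN."""
    try:
        return SAMPLE_A[name.rstrip(".").lower()]
    except KeyError:
        raise LookupError("Name Error: " + name)

def system_a(name):
    """Live A lookup through the system resolver (pass as resolve_a)."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)]
    except socket.gaierror as exc:
        raise LookupError(str(exc))

def forward_matches(name, peer_ip, resolve_a=sample_a):
    """True if any A record of name equals the connecting IP."""
    peer = ipaddress.ip_address(peer_ip)
    try:
        return any(ipaddress.ip_address(a) == peer for a in resolve_a(name))
    except LookupError:
        return False  # a failed lookup is recorded, not treated as an error

def helo_status(helo, peer_ip, resolve_a=sample_a):
    """Forward-only HELO/EHLO check as described in the reply."""
    return "verified" if forward_matches(helo, peer_ip, resolve_a) else "unverified"

def ptr_forward_confirmed(peer_ip, ptr_table=SAMPLE_PTR, resolve_a=sample_a):
    """For contrast: PTR name -> A -> compare (per the reply, SIMS skips this)."""
    ptr = ptr_table.get(peer_ip)
    return ptr is not None and forward_matches(ptr, peer_ip, resolve_a)

def received_note(helo, peer_ip, resolve_a=sample_a):
    """Header fragment in the style of the quoted Received line."""
    return "from %s ([%s] %s)" % (helo, peer_ip, helo_status(helo, peer_ip, resolve_a))

if __name__ == "__main__":
    print(received_note("opt20.edirectnetwork.net", "198.139.238.246"))
    print(received_note("mail.example.com", "198.139.238.246"))  # constructed HELO
    print(ptr_forward_confirmed("198.139.238.246"))
```

On the thread's data the HELO name is marked verified while the PTR-based check fails, because the PTR target has no A record; either result is a note for log analysis, not a reason to reject.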