I do find it strange, though, that SIMS would verify return paths for local
users. How could they possibly resolve correctly if local users have
non-routable, DHCP-assigned IPs like 192.168.0.6 or 10.0.1.6? Or am I not
understanding what this function is actually doing?
Verify return paths is based on the Return Path header, which is a user's email address. It is passed to the mail server as part of the "MAIL FROM: [EMAIL PROTECTED]" command. SIMS does a lookup on domain.com, not a reverse lookup on the sending IP address. Since domain.com, in the case of local users, is typically the mail server itself, it doesn't have to go actually do a DNS check, since it's locally valid.
Verify return paths is a sanity check more than a security procedure. It will keep spammers from using addresses like <[EMAIL PROTECTED]> and <[EMAIL PROTECTED]>.
--
We're at Code Orange right now and panic is the new black.
-- Paul F. Tompkins
############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
