It's an administrative option though and not enabled by default.
Chris Merrill wrote:
Jeremy Portzer wrote: > You state above, "Would it not be correct to do a lookup on the > domain name to see if it matches the incoming IP address[...]"? > That would be impossible, because a server has no idea what "domain > name" you are connecting from. It only knows the IP address, which it > gets from the TCP/IP protocol information. It can only do one thing -- > a reverse lookup -- to try to determine "the domain name."
My knowledge of SMTP is pretty limited, but my Postfix book says that the
first thing an SMTP server gets is the "HELO trilug.org" command which identifies
the incoming server. It goes on to state that most servers then do a reverse-DNS
lookup (since you can't trust a spammer/hacker to give a valid identity) to find
the true origin and determine if the mail should be allowed.
Wouldn't it make more sense to perform a regular DNS lookup (instead of the
reverse) to determine if the claimed domain could really be coming from the
incoming IP address?
Chris
_______________________________________________ TriLUG mailing list http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ: http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
