At 13:12 3/30/2004, Davide Libenzi wrote:
> > I'd rather avoid the round trip time for DNS queries if I can, but if
> > there's some overriding reason here, I'll just go straight to the wire for
> > A and PTR queries....
>
> You don't need to do that. XMail uses the existing OS infrastructure for A
> and PTR queries, that is automatically cached by DNS server closer to you.

Thanks. The functionality I'm planning to add is for FCrDNS and RCfDNS. They work like this:

FCrDNS: Take the connecting IP address, retrieve all PTR records (hopefully only one, but possible to get more). Then take the PTR record(s) and do A lookup on it. Compare the connecting IP address to the A records returned - if no match, either the DNS for the connecting IP has been misconfigured/corrupted, or it's being forged by a spammer. (Of course, this assumes that RDNS is in place for all connecting IP addresses - a policy I have implemented for my server anyway.)

RCfDNS: Take the HELO/EHLO name, retrieve all A records. Starting with the first returned A record, do PTR lookup. If HELO/EHLO matched PTR found for any A record, assume valid, otherwise reject as misconfigured/corrupt DNS or forgery.

The RCfDNS is going to be expensive, due to the possible number of lookups and the string comparisons, so it may not be worth the expense. However the FCrDNS I definitely want to implement.

I don't know if you would be interested in this kind of code or not for inclusion in a future version - if so (and you can stand my poor coding skills :) I'd be happy to share once I have something working...
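
The FCrDNS and RCfDNS checks described in the message above, as an added Python example; it is not code from the post or from XMail. The function names, the injectable resolver callbacks and the sample zone are assumptions made for illustration; the default callbacks use the OS resolver through Python's `socket` module, in line with the advice quoted in the thread.

```python
import ipaddress
import socket

def system_ptr(ip):
    # Reverse lookup through the OS resolver (cached by the local DNS server).
    # gethostbyaddr may expose only one name even when several PTRs exist.
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_addrs(name):
    # Forward lookup through the OS resolver; an unresolvable name yields [].
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except (OSError, UnicodeError):
        return []

def _same_ip(a, b):
    # Compare parsed addresses so differing text forms still match.
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False

def _norm(name):
    # DNS names compare case-insensitively; ignore the trailing root dot.
    return name.rstrip(".").lower()

def fcrdns(ip, ptr=system_ptr, addrs=system_addrs):
    """PTR names whose forward lookup returns ip; an empty list is a failure."""
    return [n for n in ptr(ip) if any(_same_ip(ip, a) for a in addrs(n))]

def rcfdns(helo, ptr=system_ptr, addrs=system_addrs):
    """True if any address of the HELO/EHLO name has a PTR equal to that name."""
    want = _norm(helo)
    return any(_norm(n) == want for a in addrs(helo) for n in ptr(a))

# Constructed sample zone using documentation addresses, not real DNS data.
PTR = {
    "192.0.2.10": ["mail.example.org."],  # PTR and A agree
    "192.0.2.66": ["mail.example.org"],   # PTR names a host whose A points elsewhere
    "192.0.2.99": [],                     # no reverse DNS at all
}
A = {"mail.example.org": ["192.0.2.10"]}
def demo_ptr(ip):
    return PTR.get(ip, [])
def demo_addrs(name):
    return A.get(_norm(name), [])
```

Both checks take the lookups as parameters, so the same logic runs against the live resolver in production and against a fixed zone in tests.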
