Re: [Nolug] running a mail server with a Cox account

From: Mark A. Hershberger <mah_at_everybody.org>
Date: Mon, 11 Aug 2003 22:42:35 -0500
Message-ID: <87he4n4k44.fsf@weblog.localhost>

"John Souvestre" <johns@sstar.com> writes:

>>>> Note that it probably would have been okay for smtp.example.com to
> identify itself as barney.example.com. One machine can have many names
> assigned to it. The problem comes when a machine is identifying itself as
> belonging to two separate domains, which really isn't common or proper in
> email headers.
>
> Here he admits that one machine can have many names. Does he think that it
> is illegal to use them? What domain each of the names is in has nothing at
> all to do with the issue - either two names "match" or they don't (as per
> his initial claim).

To solve this:

   Client sends "HELO mail.everybody.org"

   Server looks up "mail.everybody.org" and finds the IP 66.93.249.201

   Server sees that the sender is indeed 66.93.249.201 and does a
     reverse lookup. It finds "superman.everybody.org".

   Just to be doubly sure, it checks "superman.everybody.org" and
     finds 66.93.249.201.

The identity of the host has been verified. Most people don't bother
with that many lookups... but they could if they really wanted to.

This would work if I identified as any of a dozen domains that
resolve to the IP address.

> Indeed, some mail servers do this reverse test, but not many. There are FAR
> too many faulty DNS setups out there where IP's don't reverse. So ISP's
> don't apply this test. That's the real world. The mail must flow! :-)

But, if a large ISP like AOL does these checks, it is quite likely
that the ISPs will make sure that their mail servers have a correct
and functional reverse DNS.

Mark.
___________________
Nolug mailing list
nolug@nolug.org
Received on 08/11/03

This archive was generated by hypermail 2.2.0 : 12/19/08 EST