Re: Notice about moderation of uk.rec.cycling.moderated
- From: crn@xxxxxxxxxxxxxxxxxx
- Date: Thu, 3 Dec 2009 01:49:52 +0000 (UTC)
Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> In article <5aadh5lq31s0583q5kbtc6jj1n5n3jsvh4@xxxxxxxxxxxxxxxxxxx>,
> Mark Goodge <usenet@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>> It's not a DNS issue. There's absolutely nothing in any RFC which
>> requires a one-to-one match between forward and reverse DNS (and nor
>> could there be, given that any IP address can host many different
>> services with differing hostnames). And, if we're talking about SMTP,
>> RFC 5321 section 4.1.4 says that:
>>
>>    An SMTP server MAY verify that the domain name argument in the EHLO
>>    command actually corresponds to the IP address of the client.
>>    However, if the verification fails, the server MUST NOT refuse to
>>    accept a message on that basis.
>>
>> What that means is that you're entitled to check that the domain name
>> in the HELO/EHLO has an A record corresponding to the IP address which
>> is contacting you. But there's no requirement that the IP address, in
>> return, is mapped (via a PTR record) to the same hostname. And, in any
>> case, the next clause explicitly forbids rejecting a message based on
>> a DNS mismatch.
>
> My server does not violate the above requirement. In the exact words
> of the RFC:
>
>    [ Although the spec says that it MAY, my server DOES NOT ]
>    verify that the domain name argument in the EHLO command
>    actually corresponds to the IP address of the client.
>    [ and thus the situation does not arise in which ]
>    the verification fails, [ and as a consequence, my ]
>    server [ DOES NOT EVER (as indeed it] MUST NOT [)]
>    refuse to accept a message on that basis.
>
> It does perform other DNS verifications, for example that the reverse
> mapping of the calling IP address corresponds to the forward mapping,
> but that's not what the paragraph you are quoting is talking about.
>
> The paragraph you quote is aimed at avoiding requiring multihomed
> hosts to find out their calling IP address and somehow deciding as a
> result which hostname to send in HELO. Rather a multihomed host is
> entitled to provide a domain name in HELO which does not have any
> obvious relationship to the calling IP address.

A multihomed host MAY provide such a name but is not REQUIRED to do so.
Your test is therefore broken. There is no requirement that a reverse
mapping should match a forward mapping so that test is also broken.
For example, mail.netunix.com and mailgate.netunix.com can dynamically
reside on several virtual machines on several physical machines and
will dynamically migrate to avoid high load averages and high disk
i/o demands.
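
The two checks distinguished in this thread, shown side by side as an added example (not part of any poster's message or any poster's server configuration): the EHLO-name check from the quoted RFC 5321 section 4.1.4 text, and the forward-confirmed reverse DNS check on the calling IP. The DNS records, hostnames and function names are constructed for illustration, using documentation address ranges.

```python
# Constructed DNS data (documentation address ranges); not real records.
A = {
    "mail.example.net": {"192.0.2.10"},
    "mailgate.example.net": {"192.0.2.10"},  # second service name, same IP
    "out2.example.net": {"192.0.2.20"},      # second interface of the same host
    "host.example.org": {"198.51.100.5"},
    "noptr.example.net": {"192.0.2.40"},     # has an A record, IP has no PTR
}
PTR = {
    "192.0.2.10": ["mail.example.net"],
    "192.0.2.20": ["out2.example.net"],
    "192.0.2.30": ["host.example.org"],      # PTR name does not resolve back
}


def _norm(name):
    """DNS names compare case-insensitively, ignoring a trailing dot."""
    return name.lower().rstrip(".")


def ehlo_matches(ehlo_name, client_ip):
    """EHLO check: does the EHLO name have an A record for client_ip?"""
    return client_ip in A.get(_norm(ehlo_name), set())


def fcrdns(client_ip):
    """Forward-confirmed reverse DNS: at least one PTR name for client_ip
    must resolve forward to client_ip. The EHLO argument plays no part."""
    return any(client_ip in A.get(_norm(n), set())
               for n in PTR.get(client_ip, []))


def assess(ehlo_name, client_ip):
    """Report both results separately. The EHLO result is recorded only,
    since the quoted RFC text forbids refusing mail on that basis."""
    return {"ehlo_match": ehlo_matches(ehlo_name, client_ip),
            "fcrdns": fcrdns(client_ip)}


if __name__ == "__main__":
    for ehlo, ip in [("mail.example.net", "192.0.2.10"),
                     ("mailgate.example.net", "192.0.2.10"),
                     ("mail.example.net", "192.0.2.20"),
                     ("host.example.org", "192.0.2.30"),
                     ("noptr.example.net", "192.0.2.40")]:
        print(f"{ehlo:22} {ip:12} {assess(ehlo, ip)}")
```

The third and fifth cases show that the two results are independent: a multihomed host can fail the EHLO check while its calling IP passes the reverse/forward check, and the opposite can also occur.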