On Tue, 17 May 2005, Dennis Peterson wrote:

> > I guess I'm saying that if I telnet to fw.domain.name on 25, I should see
> > something like
> >
> > 220 fw.domain.name ESMTP mail relay.
> >
> > If it doesn't say that, then it is lying to anyone who connects to it.
> > Forward and back dns should resolve to the name spit out by the smtp 220
> > string. This should be verifiable.
>
> If I have a server with 500 virt hosts you could get a helo from any one
> of them. If you telnet back to it on port 25 what do you think you might
> see? One of about 499 "liars", maybe?
Well, I am assuming that you would be doing a forward-reverse-forward lookup and comparing it to that. If a forward of mail.someclient.com is 1.2.3.4 and a reverse of 1.2.3.4 is fw.domain.name and a forward of fw.domain.name is 1.2.3.4 then it's not lying. In fact, that is quite common.

I'm saying there should be a consistent forward-reverse mapping for the actual mail server and that that mapping should match the 220 string. If someclient.com has more than one priority MX server to handle mail then whatever server is handling it (fw2.domain.name?) should have proper forward-and-back mappings.

--
Eric Wheeler
Vice President
National Security Concepts, Inc.
PO Box 3567
Tualatin, OR 97062
http://www.nsci.us/
Voice: (503) 293-7656
Fax: (503) 885-0770

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
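The forward-reverse-forward check described in the reply, written out as an added example (it is not code from the thread or from ClamAV). The check starts from the IP the SMTP session actually connected to and the hostname in the 220 banner: reverse the IP to a PTR name, require that name to equal the banner host, then resolve the PTR name forward and require the original IP to be among its addresses. The names and addresses in the lookup tables (mail.someclient.com, fw.domain.name, fw2.domain.name, 1.2.3.4, a made-up vhost17.domain.name) are constructed sample data so the script runs offline; in production the two dictionaries would be replaced by real DNS queries.

```python
"""Forward-reverse-forward (FCrDNS) consistency check against an SMTP 220 banner.

Added example, not part of the mailing-list thread. The resolver is a pair of
plain dictionaries so the check runs offline; swap them for real lookups
(socket.getaddrinfo / socket.gethostbyaddr) in a live checker.
"""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Constructed sample zone data modelled on the thread's hypothetical names.
FORWARD: Dict[str, Set[str]] = {
    "mail.someclient.com": {"1.2.3.4"},   # client MX name, an alias for fw
    "fw.domain.name": {"1.2.3.4"},        # the actual relay
    "fw2.domain.name": {"1.2.3.5"},       # second-priority relay
    "vhost17.domain.name": {"1.2.3.4"},   # one of many virtual hosts on the same IP
}
REVERSE: Dict[str, str] = {
    "1.2.3.4": "fw.domain.name",
    "1.2.3.5": "fw2.domain.name",
}

# "220 host ..." or the multi-line form "220-host ..."; the host ends at whitespace.
BANNER_RE = re.compile(r"^220[ -](?P<host>[A-Za-z0-9.-]+)")


def banner_hostname(banner: str) -> Optional[str]:
    """Extract the hostname a server announces in its SMTP greeting."""
    m = BANNER_RE.match(banner.strip())
    return m.group("host").lower().rstrip(".") if m else None


@dataclass
class Result:
    consistent: bool
    reason: str


def fcrdns_check(ip: str, banner: str,
                 forward: Dict[str, Set[str]], reverse: Dict[str, str]) -> Result:
    """IP -> PTR name; PTR name must equal the banner host; name -> A must include IP."""
    host = banner_hostname(banner)
    if host is None:
        return Result(False, "banner does not start with '220 <hostname>'")
    ptr = reverse.get(ip)
    if ptr is None:
        return Result(False, f"no PTR record for {ip}")
    ptr = ptr.lower().rstrip(".")
    if ptr != host:
        # The '499 liars' case: the banner names a vhost, the PTR names the relay.
        return Result(False, f"PTR {ptr} does not match banner host {host}")
    if ip not in forward.get(ptr, set()):
        return Result(False, f"{ptr} does not resolve back to {ip}")
    return Result(True, f"{ip} -> {ptr} -> {ip} matches banner")


def check_mx_host(mx_name: str, ip: str, banner: str,
                  forward: Dict[str, Set[str]], reverse: Dict[str, str]) -> Result:
    """The reply's scenario: the MX name is a client alias (mail.someclient.com);
    the IP it resolves to must still pass FCrDNS against the banner name."""
    if ip not in forward.get(mx_name.lower().rstrip("."), set()):
        return Result(False, f"{mx_name} does not resolve to {ip}")
    return fcrdns_check(ip, banner, forward, reverse)


if __name__ == "__main__":
    for ip, banner in [("1.2.3.4", "220 fw.domain.name ESMTP mail relay."),
                       ("1.2.3.4", "220 vhost17.domain.name ESMTP"),
                       ("1.2.3.9", "220 fw.domain.name ESMTP")]:
        r = fcrdns_check(ip, banner, FORWARD, REVERSE)
        print(f"{ip:10} {banner!r:45} {'OK ' if r.consistent else 'BAD'} {r.reason}")
```

Note that the check is anchored on the connected IP, not on whatever name the client used to reach the server: mail.someclient.com pointing at 1.2.3.4 is fine as long as 1.2.3.4 reverses to fw.domain.name, fw.domain.name resolves back to 1.2.3.4, and the banner says fw.domain.name. A banner naming any of the other virtual hosts on that address fails at the PTR comparison, which is exactly the inconsistency the thread is arguing about.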