On Tue, 17 May 2005, Bill Taroli wrote:

> >>>If I have a server with 500 virt hosts you could get a helo from any one
> >>>of them. If you telnet back to it on port 25 what do you think you might
> >>>see? One of about 499 "liars", maybe?
> >>>
> >>>
> >>Well I am assuming that you would be doing a forward-reverse-forward to
> >>and comparing it to there. If a forward of mail.someclient.com is 1.2.3.4
> >>and a reverse of 1.2.3.4 is fw.domain.name and a forward of fw.domain.name
> >>is 1.2.3.4 then it's not lying. In fact, that is quite common. I'm
> >>saying there should be a consistent forward-reverse mapping for the actual
> >>mail server and that that mapping should match the 220 string. If
> >>someclient.com has more than one priority MX server to handle mail then
> >>whatever server is handling it (fw2.domain.name?) should have proper
> >>forward-and-back mappings.
> >>
> >I give up. I was really thinking the light was about to go on, too.
> >
>
> Actually, I think you're agreeing and don't realize it. If I read the
> point properly, he is not suggesting that the name returned in PTR
> necessarily match that of the 220 reply... but he is suggesting that the
> forward lookup against the 220 reply result in an IP consistent with
> what you looked up in PTR originally. And, yes, this is pretty typical
> of hosted setups. If my IP results in domain.com but my mail server 220
> says domain.org, that's OK... because both of them forward lookup to the
> same IP.
>
> Or did I misunderstand the posting?
Thank you, this is exactly where I am going :)

--
Eric Wheeler
Vice President
National Security Concepts, Inc.
PO Box 3567
Tualatin, OR 97062

http://www.nsci.us/
Voice: (503) 293-7656
Fax: (503) 885-0770
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
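The consistency check discussed in this thread, as an added example that is not part of the original messages: the connecting IP must be forward-confirmed through its PTR name, and the name in the 220 greeting must forward-resolve to that same IP without having to equal the PTR name. The function names `banner_host` and `check_peer` are hypothetical, and the DNS tables are constructed from the thread's example names so the code runs offline.

```python
import re

# Constructed DNS data mirroring the thread's example names (not real records).
A_RECORDS = {
    "mail.someclient.com": {"1.2.3.4"},
    "fw.domain.name": {"1.2.3.4"},
    "domain.org": {"1.2.3.4"},
    "liar.example": {"5.6.7.8"},
}
PTR_RECORDS = {"1.2.3.4": "fw.domain.name", "9.9.9.9": "orphan.example"}


def banner_host(banner):
    """Extract the host name announced in an SMTP '220 <host> ...' greeting."""
    m = re.match(r"220[ -]([A-Za-z0-9.-]+)", banner)
    return m.group(1).lower().rstrip(".") if m else None


def check_peer(ip, banner, forward=None, reverse=None):
    """Return (ptr_consistent, banner_consistent) for a connecting mail server.

    ptr_consistent:    PTR(ip) exists and its forward lookup includes ip.
    banner_consistent: the 220 name's forward lookup includes ip; the name
                       itself does not have to equal the PTR name.
    forward/reverse are injectable resolvers (assumption: a real deployment
    would pass functions backed by live DNS instead of the tables above).
    """
    forward = forward or (lambda name: A_RECORDS.get(name, set()))
    reverse = reverse or (lambda addr: PTR_RECORDS.get(addr))

    ptr_name = reverse(ip)
    ptr_ok = ptr_name is not None and ip in forward(ptr_name)

    name = banner_host(banner)
    banner_ok = name is not None and ip in forward(name)
    return ptr_ok, banner_ok


if __name__ == "__main__":
    # Hosted setup from the thread: PTR says fw.domain.name, banner says domain.org.
    print(check_peer("1.2.3.4", "220 domain.org ESMTP"))
    # Banner name that resolves elsewhere: PTR is fine, banner is not.
    print(check_peer("1.2.3.4", "220 liar.example ESMTP"))
```

A virtual-hosting server passes as long as every name it announces resolves back to the address it connects from; only a banner name that resolves elsewhere, or a PTR with no matching forward record, fails.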