On Tue, Mar 26, 2002 at 07:11:40PM +0100, martin f krafft wrote:
| also sprach dman <[EMAIL PROTECTED]> [2002.03.26.1805 +0100]:
| > Another note: some legitimate people won't have reverse DNS. In
| > particular, me :-(. My IP is now provided by my current employer (the
| > housing is too, it's really nice!), but the reverse DNS is managed by
| > their provider. Unfortunately my IP (which wasn't in use before)
| > doesn't have a reverse mapping and it is less than trivial to make
| > one.
|
| true. and it's not an excuse. it means that the provider is just
| another one of those that doesn't know what they're doing. DNS is
| bloody simple, it's amazing how many (influential) parties get it
| wrong.
I don't know how knowledgeable or not the provider is. I have no
contact with them. The IPs my employer is actually using have proper
reverse DNS, but the admin had to tell the provider what entries he
wanted. He wasn't using his whole IP block, so he didn't specify
reverse DNS for the unused IPs. Now one of those IPs is being used.
| > Hmm, maybe I can create an exim router that looks through a list of
| > hosts that require a reverse DNS and relay those messages through a
| > smarthost but deliver other mail directly ... that's a project for
| > a later time.
|
| too much trouble. get your provider to do it right and your problems
| are history.
Since I'm only certain I'll be here for another 7 weeks, it's not
worth the hassle of getting a third party to update the records, then
re-update them when I'm gone. I _may_ be here longer, and I might not
be.
With exim4 I don't think it would be too much trouble to set up the
router, and it would be a good exercise in having a framework to
handle similiar situations (as I continue to move around and have
different setups here and there). (and it would be a correct solution
:-))
I do understand people who reject hosts with no reverse DNS and I
can't really give any argument against it. I wonder how much good it
actually does, though, since my DSL line (back at home) had a reverse
lookup.
$ host- 64.213.121.140
Name: 64-213-121-140.roc.frontiernet.net
Address: 64.213.121.140
Not a particularly useful name, but it does have matching A and PTR
records. I guess my point in saying this is that blocking based on
following DNS standards doesn't necessarily block open relays on DSL
connections.
-D
--
Who can say, "I have kept my heart pure;
I am clean and without sin"?
Proverbs 20:9
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
