On 11/03/10 08:17, Noel Jones wrote:
> On 11/3/2010 5:04 AM, Jerry wrote:
>> I noticed this posted on another forum:
>>
>> <quote>
>> It should be noted that reject_unknown_client_hostname will check only
>> the first PTR record returned for a host. So, you might reject
>> well-configured (i.e. RFC-compliant) clients whose matching PTR record
>> unfortunately isn't the first one in the list.
>> </quote>
>>
>> Is this factually correct? If so, what are the statistical chances of it
>> occurring? If correct, other than not using that option, what other
>> options should be used to prevent such an occurrence?
>>
>
> While this is essentially correct, it's really FUD.
>

I posted this in response to someone suggesting the scorched-earth approach via reject_unknown_client_hostname using the rationale that you won't block any RFC-compliant hosts. In context, I wanted to point out that reject_unknown_client_hostname might not be your weapon of choice even if you're on a crusade to purge the net of all non-RFC-compliant hosts.
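
The behaviour discussed in this thread, as an added example that is not part of the original message and is not Postfix code: a small model of forward-confirmed reverse DNS that compares a first-PTR-only check with one that tries every PTR name. The DNS tables, host names and function names are constructed for illustration.

```python
import ipaddress

# Constructed DNS data: documentation address ranges and example domains.
PTR = {
    "192.0.2.25": ["legacy.example.net", "mail.example.org"],  # match is 2nd
    "192.0.2.77": ["mx.example.com"],
    "198.51.100.9": [],                                        # no PTR at all
}
A = {
    "legacy.example.net": ["203.0.113.5"],   # stale name, points elsewhere
    "mail.example.org": ["192.0.2.25"],
    "mx.example.com": ["192.0.2.77"],
}

def ptr_names(ip):
    """Reverse lookup. Real resolvers may return the RRset in any order."""
    return PTR.get(ip, [])

def confirms(ip, name):
    """True if the name's forward lookup contains the client address."""
    target = ipaddress.ip_address(ip)
    addrs = A.get(name.rstrip(".").lower(), [])
    return any(ipaddress.ip_address(a) == target for a in addrs)

def check_first_ptr(ip):
    """Model of the check as described in the quote: first PTR only."""
    names = ptr_names(ip)
    if not names:
        return "reject: no PTR"
    return "ok" if confirms(ip, names[0]) else "reject: forward mismatch"

def check_any_ptr(ip):
    """Alternative model: accept if any PTR name forward-confirms."""
    names = ptr_names(ip)
    if not names:
        return "reject: no PTR"
    ok = any(confirms(ip, n) for n in names)
    return "ok" if ok else "reject: forward mismatch"

def audit(ips):
    """Clients that fail only because the matching PTR is not listed first."""
    return [ip for ip in ips
            if check_any_ptr(ip) == "ok" and check_first_ptr(ip) != "ok"]

if __name__ == "__main__":
    for ip in PTR:
        print(ip, "| first:", check_first_ptr(ip), "| any:", check_any_ptr(ip))
    print("order-dependent rejects:", audit(PTR))
```

Because record order within a PTR RRset is not guaranteed, a client like 192.0.2.25 in this model can pass on one lookup and fail on the next.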