/dev/rob0 wrote:
On Sat, Apr 05, 2014 at 11:01:54AM -0400, Miles Fidelman wrote:
Which leads to several obvious questions:
- how does postfix use PTR records (e.g., which header lines
are matched, at what points in the processing chain, ...)?
A client connects to smtpd. The PTR for the client IP address is
looked up. The PTR value (that is, a hostname, such as
"x.example.com.") is also looked up. If an A record matching the
client IP address is returned, smtpd logs the connection as coming
from "x.example.com[client.ip.add.ress]". Then if mail is eventually
accepted, the Received header is constructed similarly:
Received: from <helo_name_given> (x.example.com[client.ip.add.ress])
Well... it's a little more complicated than that:
- there's the initial TCP connection - where there are only IP addresses
and port numbers involved
- there's the HELO command - HELO name is given
- then there's the MAIL command - where you have the sender email
address (which may be a different domain from the HELO domain)
And a bunch of other things are logged (depending on logging
configuration), including:
- envelope from: and to:
- from: and to: addresses from the message body
- alias translations (e.g., an "originally-to:" header)
If this verification process fails, such as when no PTR exists for
the address (see reject_unknown_reverse_client_hostname) or when the
PTR value lookup fails (nxdomain, servfail, timeout) or returns a
different IP address (see reject_unknown_client_hostname), smtpd logs
the connection as coming from "unknown[client.ip.add.ress]".
"Which header lines are matched"? I have no idea what you mean.
Well, let's start with:
- HELO name
- MAIL FROM:
- From:
Since this is a postfix list - specifically, does postfix do any
matching beyond the IP address in the TCP connection, and the PTR from
the HELO name?
Miles Fidelman
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra
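
The PTR-then-A verification described in the thread, as an added example (not Postfix source code and not written by either poster). It takes only the client IP address as input; the function names and the DNS tables are hypothetical and constructed for illustration, and addresses are compared as parsed values so that differently written IPv6 forms still match.

```python
import ipaddress

# Constructed DNS data (documentation ranges), standing in for real lookups.
PTR = {
    "192.0.2.10": "x.example.com.",
    "192.0.2.20": "spoof.example.com.",
    "192.0.2.30": "gone.example.com.",
    "2001:db8::1": "v6.example.com.",
}
FORWARD = {
    "x.example.com.": ["192.0.2.10", "192.0.2.11"],
    "spoof.example.com.": ["198.51.100.7"],  # forward record points elsewhere
    "v6.example.com.": ["2001:0db8:0000:0000:0000:0000:0000:0001"],
}


def verify_client(ip, ptr_lookup=PTR.get, addr_lookup=lambda n: FORWARD.get(n, [])):
    """Return (name as it would be logged, outcome) for a connecting client IP."""
    client = ipaddress.ip_address(ip)
    name = ptr_lookup(str(client))
    if name is None:
        return f"unknown[{client}]", "no PTR"
    addrs = addr_lookup(name)
    if not addrs:  # nxdomain, servfail and timeout are all modelled as "no answer"
        return f"unknown[{client}]", "forward lookup failed"
    if client not in {ipaddress.ip_address(a) for a in addrs}:
        return f"unknown[{client}]", "forward mismatch"
    return f"{name.rstrip('.')}[{client}]", "verified"


def restrictions_that_reject(outcome):
    """Which of the two restrictions named in the thread fire for an outcome."""
    hits = []
    if outcome == "no PTR":
        hits.append("reject_unknown_reverse_client_hostname")
    if outcome != "verified":
        hits.append("reject_unknown_client_hostname")
    return hits


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.99", "2001:db8::1"):
        logged, outcome = verify_client(ip)
        print(f"{logged:32} {outcome:22} {restrictions_that_reject(outcome)}")
```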