> On Nov 13, 2019, at 4:30 AM, Matus UHLAR - fantomas <[email protected]> wrote:
>
> On 12.11.19 17:01, Viktor Dukhovni wrote:
>> The correct way to verify that would be to resolve the EHLO name to
>> an address, NOT to resolve the address to a name. This would then
>> find no anomalies with:
>>
>> Received: from ehlo.example (ptr.example [192.0.2.1])
>>
>> when ehlo.example also resolves to 192.0.2.1.
>
> I'm afraid this would have FPs too.

I was not suggesting that enforcing the check was a good idea. Just
explaining *how* one would correctly enforce the check (if one wanted
to make sure that the FQDN in the EHLO matches the IP).
--
Viktor.
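
Added example, not part of the original messages: a sketch of the forward check described above, which resolves the EHLO name to addresses and tests whether the connecting IP is among them, ignoring the PTR name. The function names, the injectable resolver and the zone data are constructed for illustration, and the header shape is assumed to be the Postfix-style `from helo (ptr [ip])` form quoted in the thread.

```python
import ipaddress
import re
import socket

# Matches the "from <ehlo> (<ptr> [<ip>])" clause of a Received: header.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<ptr>\S+)\s+\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]\)")

# Constructed sample data so the example runs offline.
CONSTRUCTED_ZONE = {"ehlo.example": ["192.0.2.1"], "other.example": ["198.51.100.7"]}

def constructed_resolver(name):
    """Stand-in resolver backed by CONSTRUCTED_ZONE (hypothetical helper)."""
    return CONSTRUCTED_ZONE.get(name.lower(), [])

def system_resolver(name):
    """Forward (A/AAAA) lookup via the system resolver; empty list on failure."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]

def helo_matches_client(received, resolve=system_resolver):
    """Return (ehlo_name, client_ip, verdict); the PTR name is never consulted.
    verdict is 'match', 'mismatch', 'literal' or 'unparsed'."""
    m = RECEIVED_RE.search(received)
    if not m:
        return (None, None, "unparsed")
    helo = m.group("helo")
    try:
        client = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return (None, None, "unparsed")
    if helo.startswith("["):          # address literal: there is no name to resolve
        return (helo, str(client), "literal")
    resolved = set()
    for addr in resolve(helo.rstrip(".")):
        try:
            resolved.add(ipaddress.ip_address(addr))
        except ValueError:            # skip anything that is not a plain address
            continue
    return (helo, str(client), "match" if client in resolved else "mismatch")

if __name__ == "__main__":
    for line in ("Received: from ehlo.example (ptr.example [192.0.2.1])",
                 "Received: from other.example (ptr.example [192.0.2.1])"):
        print(helo_matches_client(line, constructed_resolver))
```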