Adam Moffett wrote:
Right, it's kind of difficult to fake your source IP in a TCP session.
But if I read the manual correctly the whitelist_from_rcvd that he's
asking about does lookups on hosts in the "Received-from: " headers in
the message... which would be trivial to fake.

Not really. Sane MTAs (and even most of the not-so-sane ones) look up the rDNS for a connecting IP, then see if that name resolves to that connecting IP. Only if there's a match will they add the rDNS to that Received header; otherwise most will just put "unknown".

Consider for a moment how hard it would be for an average spammer to spoof rDNS for e.g. PayPal/eBay (admittedly trivial if they have their own netblock to play with) *and* forward lookups on hostnames under .paypal.com or .ebay.com (distinctly nontrivial unless they've managed to break into eBay's DNS infrastructure).

-kgd
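
The check described in this reply (forward-confirmed reverse DNS) can be sketched as follows. This is an added example, not part of the original message and not code from any MTA or SpamAssassin. The DNS tables and the `sample_ptr`/`sample_fwd` helpers are constructed, using documentation addresses and names.

```python
import ipaddress
import socket

def ptr_names(ip):
    """Reverse lookup: every name the PTR data claims for this IP."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host, *aliases]
    except OSError:          # herror/gaierror: no PTR or lookup failure
        return []

def forward_addrs(name):
    """Forward lookup: every address the name resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def verified_rdns(ip, ptr=ptr_names, fwd=forward_addrs):
    """Return the rDNS name only if it resolves back to ip, else 'unknown'."""
    want = ipaddress.ip_address(ip)
    for name in ptr(ip):
        if any(ipaddress.ip_address(a) == want for a in fwd(name)):
            return name.rstrip(".").lower()
    return "unknown"

def relay_in_domain(ip, domain, ptr=ptr_names, fwd=forward_addrs):
    """True only when the *verified* name is the domain or a host under it."""
    name = verified_rdns(ip, ptr, fwd)
    return name == domain or name.endswith("." + domain)

# Constructed DNS data (documentation ranges, not real hosts).
# 192.0.2.10 is the real relay; 203.0.113.7 is a sender who controls the
# PTR zone for their own netblock and points it at someone else's name.
PTR = {"192.0.2.10": ["mx1.example.com"], "203.0.113.7": ["mx1.example.com"]}
FWD = {"mx1.example.com": {"192.0.2.10"}}

def sample_ptr(ip):
    return PTR.get(ip, [])

def sample_fwd(name):
    return FWD.get(name, set())

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.7", "198.51.100.5"):
        print(ip, verified_rdns(ip, sample_ptr, sample_fwd),
              relay_in_domain(ip, "example.com", sample_ptr, sample_fwd))
```

The second address has a PTR record naming `mx1.example.com`, but the forward lookup of that name does not return it, so it is recorded as "unknown" and never matches the domain.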
