On Wed, 25 Nov 2015 14:54:46 +0100
Reindl Harald wrote:

> On 25.11.2015 at 14:41, RW wrote:
> > On Wed, 25 Nov 2015 12:32:59 +0100
> > Matthias Apitz wrote:
> >
> > >> I think we can close this thread now :-)
> >
> > IIWY I'd still use the Botnet plugin.
> >
> > The absence of reverse DNS gives you three problems:
> >
> > 1. You have no test for the absence of rDNS
>
> why that when SA makes the dns request itself?

As it says above I was listing the problems that come from not having
rDNS available, I did go on to say that the patch fixes this.

> in fact in that case you *really* have the capability to distinguish
> between absence (NXDOMAIN) or dns-error which you don't have by
> parsing headers with no clue where the "unknown" is coming from
>
> > 2. You have no test for the absence of full-circle DNS
>
> should be possible

It is but this patch doesn't do it, which is why I still recommended
the use of BOTNET (at least for small-scale setups).

> > 3. You have no test for dynamic rDNS
>
> why that when SA makes the dns request and so have a rDNS?

Because, as far as I can see, the patch doesn't make the rDNS available
to SA's other tests, it just supplies a stand-alone test for no-rDNS.

I don't know how easy it would be to fix that *properly* because the
relay information is expected to be complete very early in the scan,
before any DNS results return. It should be possible to shift some of
the header tests so they can identify dynamic rDNS, but until then
BOTNET will do it. BOTNET is more flexible as well.

Seems to me it would be better for large scale SA users if Postfix
could be configured always to add rDNS or "unavailable", and leave
users of fetchmail, getmail etc with BOTNET.
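
The three checks listed in the message above (no rDNS, no full-circle DNS, dynamic rDNS), together with the NXDOMAIN versus DNS-error distinction from the quoted reply, as an added example that is not part of the original post and is not SpamAssassin or Botnet plugin code. The resolver tables, tag names and keyword list are constructed assumptions, and only IPv4 is handled.

```python
import re

# Constructed resolver answers standing in for live DNS (documentation ranges, not real hosts).
PTR = {
    "192.0.2.10": ("NOERROR", ["mail.example.org"]),
    "192.0.2.20": ("NXDOMAIN", []),          # rDNS really absent
    "192.0.2.30": ("SERVFAIL", []),          # lookup failed: absence is NOT proven
    "192.0.2.40": ("NOERROR", ["host.example.net"]),
    "198.51.100.77": ("NOERROR", ["198-51-100-77.dsl.example.com"]),
}
FWD = {
    "mail.example.org": ["192.0.2.10"],
    "host.example.net": ["192.0.2.99"],      # forward lookup points elsewhere
    "198-51-100-77.dsl.example.com": ["198.51.100.77"],
}

# Hypothetical keyword list for access-network naming schemes.
DYN_WORDS = re.compile(
    r"(^|[.-])(dyn|dynamic|dsl|dhcp|pool|ppp|dialup|cable)([.-]|\d)", re.I)

def looks_dynamic(name, ip):
    """Heuristic: last two IP octets embedded in the name, or an access keyword."""
    digits = re.findall(r"\d+", name)
    embedded = all(octet in digits for octet in ip.split(".")[-2:])
    return embedded or bool(DYN_WORDS.search(name))

def classify(ip, ptr=PTR, fwd=FWD):
    """Return a set of hypothetical tags for a relay IP."""
    rcode, names = ptr.get(ip, ("SERVFAIL", []))
    if rcode == "NXDOMAIN" or (rcode == "NOERROR" and not names):
        return {"NO_RDNS"}
    if rcode != "NOERROR":
        return {"DNS_ERROR"}                 # temporary failure, do not score as absence
    tags = set()
    # Full-circle check: some PTR name must resolve back to the same IP.
    if not any(ip in fwd.get(n, []) for n in names):
        tags.add("NO_FCRDNS")
    if any(looks_dynamic(n, ip) for n in names):
        tags.add("DYNAMIC_RDNS")
    return tags or {"OK"}

if __name__ == "__main__":
    for ip in PTR:
        print(ip, sorted(classify(ip)))
```
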