Bill Cole said:
> Basically, this is a non-issue. Reverse DNS has never really been
> trustworthy, and trusting an unverified rDNS result by itself for
> authentication is an unlikely error for any serious piece of modern
> software.

Well, I guess my milter was either ancient or nonserious, in spite of
the fact that it shields my family and myself from several thousand
spams per day. I made this mistake and was alerting anyone else who
might have made a similar mistake. Because I never added the value
"localhost" to either my white or blacklist, my milter never used the
value "localhost" in making any of its decisions, so it indicated it was
neutral on the spam. My milter is set on top of sendmail 8.13, and
sendmail never logged a byte about this problem. Two other posters
(Jeroen Massar and David Wilson) offered the only possible solution to
fix the problem of verifying the hostname (thanks, guys...).

I'm not at all sure that this is a non-issue for those of us using
sendmail (it's nice to know EXIM users aren't bothered by this). Neither
sendmail nor libmilter does the necessary step to verify correctness of
the rDNS result that they pass to my milter code as the "hostname"
argument of xxfi_connect(). Either sendmail or libmilter (whichever of
these provides the rDNS value passed to a milter) should be the ultimate
place where any modifications to add verity go. Other milter makers
besides myself may have made this mistake. Of course, it is possible
that Red Hat is the culprit -- I'm using RHEL4's version of sendmail. I
will do further research and lodge a change request with the appropriate
people.

In the meantime, until tests on my modifications are completed, I've
temporarily added "localhost" and "localhost.localdomain" to my reject
list; they join "business" (which is the rDNS offered by spamhosts at
interbusiness.it). Since the IP 127.0.0.1 is in the whitelist and the
whitelist trumps the blacklist, my milter doesn't self-destruct local
outbound emails.

Cheers,
Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
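
The message above does not show the hostname check it refers to. A common way to verify an rDNS name is forward confirmation: resolve the name and accept it only if one of its addresses equals the connecting IP. The C sketch below is an added example, not code from the post, sendmail or libmilter; `resolve_fn`, `sample_resolve`, `rdns_confirmed`, `check_ipv4` and the sample zone are hypothetical and constructed so it runs offline.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L  /* expose getaddrinfo() in strict -std= modes */
#endif
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

/* Hypothetical resolver hook; production code would wrap getaddrinfo() here. */
typedef int (*resolve_fn)(const char *name, struct addrinfo **res);

/* Constructed stand-in zone so the example runs offline. */
int sample_resolve(const char *name, struct addrinfo **res)
{
    static const char *zone[][2] = {{"localhost", "127.0.0.1"}, {"mail.example.org", "192.0.2.25"}};
    struct addrinfo hints = {0};
    hints.ai_flags = AI_NUMERICHOST;  /* parse the literal only, no DNS query */
    for (size_t i = 0; i < sizeof zone / sizeof zone[0]; i++)
        if (strcmp(name, zone[i][0]) == 0)
            return getaddrinfo(zone[i][1], NULL, &hints, res);
    return EAI_NONAME;
}

/* 1 only if hostname forward-resolves to the connecting peer's own address. */
int rdns_confirmed(const char *hostname, const struct sockaddr *peer, resolve_fn resolve)
{
    struct addrinfo *fwd = NULL, *ai;
    int ok = 0;
    if (!hostname || !peer || resolve(hostname, &fwd) != 0) return 0;
    for (ai = fwd; ai && !ok; ai = ai->ai_next) {
        if (ai->ai_family == AF_INET && peer->sa_family == AF_INET)
            ok = !memcmp(&((struct sockaddr_in *)ai->ai_addr)->sin_addr,
                         &((const struct sockaddr_in *)peer)->sin_addr, 4);
        else if (ai->ai_family == AF_INET6 && peer->sa_family == AF_INET6)
            ok = !memcmp(&((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr,
                         &((const struct sockaddr_in6 *)peer)->sin6_addr, 16);
    }
    freeaddrinfo(fwd);
    return ok;
}

/* Demo helper: the peer is given as an IPv4 literal (constructed addresses). */
int check_ipv4(const char *peer_ip, const char *hostname)
{
    struct sockaddr_in sa = { .sin_family = AF_INET };
    if (inet_pton(AF_INET, peer_ip, &sa.sin_addr) != 1) return 0;
    return rdns_confirmed(hostname, (const struct sockaddr *)&sa, sample_resolve);
}
```

In a milter, the `hostname` and address arguments of `xxfi_connect()` would be passed to `rdns_confirmed()`, and a name that fails the check would be treated as unverified rather than matched against white or blacklists.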