spf-discuss

RE: Possible SPF machine-domain loophole???

2004-02-24 14:58:25
Mark Shewmaker wrote:
> On Tue, 2004-02-24 at 16:44, Theo Schlossnagle wrote:
>> I like that idea.  I don't know of any RFC that dictates the EHLO
>> argument MUST appear in the Received headers.  In fact, from a
>> pedantic point of view, it is _much_ better to put the results of
>> an rDNS query in the headers and that is "what really happened".
>
> What if there is more than one result from an rdns query, and none of
> the resulting A records match the EHLO argument or the "mail from"
> domain?  (Or even if one result matches the EHLO argument, and the
> other matches the "mail from" domain?)

I would say that if an rDNS query returns multiple hostnames, see how
many of those resolve back to the address.  If multiple, list them all;
if just one, list that one.  If none, you still have the IP address of
the connecting host, and that's better than nothing...

---
Dustin D. Trammell
Vulnerability Remediation Alchemist
Citadel Security Software, Inc.
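
The check proposed in the message above (forward-confirm each rDNS name, list every name that resolves back, otherwise record only the IP address), as an added example that is not part of the original post or of any SPF implementation. The DNS data is constructed, the lookup functions are injected so it runs offline, and the `from helo (names [ip])` layout of the Received clause is an assumption.

```python
import ipaddress

# Constructed sample DNS data (documentation address ranges and example domains).
PTR = {
    "192.0.2.10": ["mail.example.org.", "mx1.example.net.", "stale.example.com."],
    "192.0.2.20": ["ghost.example.com."],  # PTR exists, but the name has no A record
}
ADDR = {
    "mail.example.org": ["192.0.2.10"],
    "mx1.example.net": ["192.0.2.10", "2001:db8::10"],
    "stale.example.com": ["198.51.100.7"],  # forward record points elsewhere
}

def ptr(ip):
    return PTR.get(ip, [])

def addr(name):
    return ADDR.get(name, [])

def confirmed_names(ip, ptr_lookup, addr_lookup):
    """Return every rDNS name for ip whose forward lookup includes ip."""
    client = ipaddress.ip_address(ip)
    confirmed = []
    for raw in ptr_lookup(ip):
        name = raw.rstrip(".").lower()
        try:
            forward = {ipaddress.ip_address(a) for a in addr_lookup(name)}
        except ValueError:
            continue  # malformed address data: treat the name as unconfirmed
        if client in forward and name not in confirmed:
            confirmed.append(name)
    return confirmed

def received_from(helo, ip, ptr_lookup, addr_lookup):
    """Build the from-clause: the HELO argument is recorded as claimed,
    only forward-confirmed names are listed next to the connecting IP."""
    names = confirmed_names(ip, ptr_lookup, addr_lookup)
    if names:
        return "from %s (%s [%s])" % (helo, " ".join(names), ip)
    return "from %s ([%s])" % (helo, ip)

if __name__ == "__main__":
    for helo, ip in [("mail.example.org", "192.0.2.10"),
                     ("bank.example", "192.0.2.20"),
                     ("x.example", "192.0.2.99")]:
        print(received_from(helo, ip, ptr, addr))
```
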

