Security Basics mailing list archives
RE: educating rDNS violators]
From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 27 Sep 2004 08:24:46 -0700
At the point that you've got a HELO, the remote system has ACK'd your SYN-ACK. So, barring MITM attacks (which are difficult to do on the open Internet), there's a > 99.9% chance that the remote is reachable via the IP address you're seeing. Spoofing rDNS is no harder, and probably easier, so I don't see any meaningful sense in which it "verifies the IP address".

David Gillett

-----Original Message-----
From: Pat Moffitt [mailto:pmoffitt () wrv com]
Sent: Thursday, September 23, 2004 2:19 PM
To: security-basics () securityfocus com
Subject: [RE: educating rDNS violators]

I am not attempting to verify the HELO Command. I am attempting to verify the IP Address of the system that is trying to make the SMTP connection. As such, this section of the RFC does not apply. I see nothing in this RFC that applies to using RDNS to reject mail connections, only on using RDNS to verify HELO commands.

Pat Moffitt
MIS Administrator
Western Recreational Vehicles, Inc.

-------- Original Message --------
Subject: RE: educating rDNS violators
Date: Tue, 31 Aug 2004 13:35:34 -0400
From: LordInfidel () directionweb com
To: 'Derek Schaible' <dschaible () cssiinc com>, Niek <niek () packetstorm nu>
CC: security-basics () securityfocus com

[snip - to supply the relevant part of the message]

6. Section 5.2.5 of rfc1123 covers this quite explicitly. Rejecting mail based on RDNS ~~~***VIOLATES***~~~ the RFC:
http://www.faqs.org/rfcs/rfc1123.html

5.2.5 HELO Command: RFC-821 Section 3.5
[snip]