RE: educating rDNS violators]

["David Gillett" <gillettdavid () fhda edu>]

  At the point that you've got a HELO, the remote system has
ACK'd your SYN-ACK.  So, barring MITM attacks (which are
difficult to do on the open Internet), there's a > 99.9%
chance that the remote is reachable via the IP address you're
seeing.  Spoofing rDNS is no harder, and probably easier,
so I don't see any meaningful sense in which it "verifies
the IP address".

David Gillett


> -----Original Message-----
> From: Pat Moffitt [mailto:pmoffitt () wrv com]
> Sent: Thursday, September 23, 2004 2:19 PM
> To: security-basics () securityfocus com
> Subject: [RE: educating rDNS violators]
>
>
>
> I am not attempting to verify the HELO Command.  I am 
> attempting to verify the 
> IP Address of the system that is trying to make the SMTP 
> connection.  As such, 
> this section of the RFC does not apply.  I see nothing in 
> this RFC that applies 
> to using RDNS to reject mail connections, only on using RDNS 
> to verify HELO 
> commands.
>
> Pat Moffitt
> MIS Administrator
> Western Recreational Vehicles, Inc.
>
>
> -------- Original Message --------
> Subject: RE: educating rDNS violators
> Date: Tue, 31 Aug 2004 13:35:34 -0400
> From: LordInfidel () directionweb com
> To: 'Derek Schaible' <dschaible () cssiinc com>,      Niek 
> <niek () packetstorm nu>
> CC: security-basics () securityfocus com
>
> [snip - to supply the relevent part of the message]
>
> 6. Section 5.2.5 of rfc1123 covers this quite explicitly.  
> Rejecting mail
> based on RDNS ~~~***VIOLATES***~~~ the RFC:
> http://www.faqs.org/rfcs/rfc1123.html
>
> 5.2.5  HELO Command: RFC-821 Section 3.5
>
> [snip]