<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-15">
<META content="MSHTML 6.00.2900.3562" name=GENERATOR></HEAD>
<BODY style="MARGIN: 4px 4px 1px; FONT: 10pt Segoe UI">
<DIV>After re-reading your explanation about spoofing, etc. I think I need to clarify what I was thinking so you can tell me it won't work like that. :-)</DIV>
<DIV> </DIV>
<DIV>My thoughts were that the system that has a dynamic IP automatically registers its IP with DynDNS every time the IP address changes so</DIV>
<DIV> </DIV>
<DIV>host.domain.com A {dynamic IP} </DIV>
<DIV> </DIV>
<DIV>is always up pointing to the system. Since the IP changes every time so does the PTR record making it impossible to base a rule. So I always know the IP from a forward DNS query (DynDNS) and it will never match the reverse.</DIV>
<DIV> </DIV>
<DIV>I figured that the sending system would say that I am host.domain.com, a check of DNS would give the IP address and a comparison would be done to see if the IP address is the same as the IP that made the connection. That way I don't need to check the reverse DNS. </DIV>
<DIV> </DIV>
<DIV>Or is it going to blindly accept the name given in the helo/ehlo handshake and if so, I agree that would be easily spoofable. Am I thinking this right?</DIV>
<DIV> </DIV>
<DIV>Thanks again,</DIV>
<DIV> </DIV>
<DIV>Gary</DIV>
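<DIV> </DIV>
<DIV>The forward-lookup comparison described above, set beside blind acceptance of the announced name and an unconfirmed reverse lookup, as an added example that is not part of the original message and is not MailScanner's code. The DNS tables, addresses and the ISP host name are constructed sample data, and every function name is hypothetical.</DIV>
<PRE>
```python
# Added example: three ways a filter could decide that a connection really
# comes from a named host. No network access; the DNS data is constructed.
import ipaddress

# Constructed records (192.0.2.x and 198.51.100.x are documentation ranges).
A_RECORDS = {"host.domain.com": ["192.0.2.10"]}  # kept current by the dynamic DNS client
PTR_RECORDS = {
    "192.0.2.10": "pool-10.isp.example",   # reverse name chosen by the ISP
    "198.51.100.66": "host.domain.com",    # reverse name chosen by that network's owner
}

def norm(name):
    """Compare host names case-insensitively and without a trailing dot."""
    return name.lower().rstrip(".")

def trust_announced_name(helo_name, wanted):
    """Blind acceptance: the HELO/EHLO name is believed exactly as sent."""
    return norm(helo_name) == wanted

def trust_ptr_only(client_ip, wanted, ptr=PTR_RECORDS):
    """Reverse lookup of the connecting IP with no forward confirmation."""
    return norm(ptr.get(client_ip, "")) == wanted

def forward_check(client_ip, helo_name, wanted, a=A_RECORDS):
    """Look up the announced name and require the connecting IP among its A records."""
    if norm(helo_name) != wanted:
        return False
    peer = ipaddress.ip_address(client_ip)
    return any(ipaddress.ip_address(ip) == peer for ip in a.get(wanted, []))

def evaluate(client_ip, helo_name, wanted="host.domain.com"):
    """Return the verdict of each policy for one incoming connection."""
    return {
        "announced": trust_announced_name(helo_name, wanted),
        "ptr_only": trust_ptr_only(client_ip, wanted),
        "forward": forward_check(client_ip, helo_name, wanted),
    }

if __name__ == "__main__":
    # The real dynamic host: reverse name belongs to the ISP, forward record matches.
    print(evaluate("192.0.2.10", "host.domain.com"))
    # Another machine announcing the same name; only the forward check rejects it.
    print(evaluate("198.51.100.66", "host.domain.com"))
```
</PRE>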
<DIV><BR>>>> Julian Field &lt;MailScanner@ecs.soton.ac.uk&gt; 6/15/2009 3:17 PM >>><BR><BR><BR>On 15/06/2009 19:28, Julian Field wrote:<BR>><BR>><BR>> On 15/06/2009 19:09, Gary Faith wrote:<BR>>> Yes, I have mail being sent from a dynamic IP address with a host <BR>>> name I know but the IP will change. Can you provide a way to turn <BR>>> off the anti-spoof checking? If not now, in future releases?<BR>> I will add a switch for you. But it does make defeating the name <BR>> lookup into a very simple thing for a spammer/attacker to do against you.<BR>I have implemented it by you using<BR> host-nocheck:hostname.domain.com<BR>instead of<BR> host:hostname.domain.com<BR>in the condition in a line in a ruleset.<BR><BR>I can see how this might be useful should you be needing to test against <BR>a dynamic IP address, in which case you will have a DNS PTR record but <BR>no DNS A record.<BR><BR>This will hopefully solve your problem nicely.<BR><BR>It will be in the next release.<BR><BR>>> >>> Kai Schaetzl &lt;maillists@conactive.com&gt; 6/14/2009 3:31 AM >>><BR>>> Julian Field wrote on Sat, 13 Jun 2009 15:41:24 +0100:<BR>>><BR>>> > Just use the IP addresses instead of the hostnames. Trivial, surely?<BR>>><BR>>> But he doesn't know them.<BR>>><BR>>> Kai<BR>>><BR>>> -- <BR>>> Kai Schätzl, Berlin, Germany<BR>>> Get your web at Conactive Internet Services: <A href="http://www.conactive.com">http://www.conactive.com</A><BR>>><BR>>><BR>>><BR>>> -- <BR>>> MailScanner mailing list<BR>>> mailscanner@lists.mailscanner.info<BR>>> <A href="http://lists.mailscanner.info/mailman/listinfo/mailscanner">http://lists.mailscanner.info/mailman/listinfo/mailscanner</A><BR>>><BR>>> Before posting, read <A href="http://wiki.mailscanner.info/posting">http://wiki.mailscanner.info/posting</A><BR>>><BR>>> Support MailScanner development - buy the book off the website!<BR>><BR>> Jules<BR>><BR><BR>Jules<BR><BR>-- <BR>Julian Field MEng CITP CEng<BR>www.MailScanner.info<BR>Buy the MailScanner book at www.MailScanner.info/store<BR>Follow me at twitter.com/JulesFM<BR><BR>MailScanner customisation, or any advanced system administration help?<BR>Contact me at Jules@Jules.FM<BR><BR>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654<BR>PGP public key: <A href="http://www.jules.fm/julesfm.asc">http://www.jules.fm/julesfm.asc</A><BR></DIV></BODY></HTML>