On Sun, Jul 17, 2011 at 11:36:49PM +0200, Patrick Lists wrote:
On 07/17/2011 11:24 PM, Always Learning wrote:
*almost* correct. In Linux, like Unix and the pre-Microsoft days, uppercase letters have a different numerical value to lowercase letters.
Uppercase 'COM' is definitely not the same as lowercase 'com'.
Please correct me if I am wrong but afaik upper-/lowercase does not matter in DNS. Also, I am not aware of e.g. Postfix actually rejecting (with reject_unknown_client_hostname) a FQDN with capitals when a FQDN in lowercase was expected.
Postfix HELO verification simply does the relevant DNS lookups; if they succeed then the HELO is OK.
Postfix IP verification does the IP rDNS lookup, then a forward lookup of the result; if the result set includes the original IP then it succeeds.
Case doesn't matter unless the underlying DNS libraries somehow break on case. Which they shouldn't :-)
In the example given earlier:
HELO / EHLO: smtpe1.intersmtp.com HELO IP: 62.239.224.89 MX IP: 62.239.224.234 MX DNS A record: smtp61.intersmtp.com
The HELO name successfully resolves to 62.239.224.89, so passes.
Now the source IP address isn't given but if it was 62.239.224.89 then postfix would have done 62.239.224.89 -> smtpe1.intersmtp.COM. and then smtpe1.intersmtp.COM. -> 62.239.224.89 Since the final IP address matches the source IP address then the connecting IP address check would also have passed.
You'll note the MX IP and A records aren't actually involved, in this case!
After 5+ years of running these checks myself, I finally got fed up with all the stupid companies who had broken DNS (including banks and ISPs and Fortune 500 companies - my "white list" made 99 entries!) that I eventually turned it off and just use the Zen RBL. It lets through spam that the stricter checks would reject, but it's good enough.