[CentOS] postfix - reject of incoming mail due to helo check??

Fri Feb 3 14:02:32 UTC 2012
Les Mikesell <lesmikesell at gmail.com>

On Fri, Feb 3, 2012 at 7:01 AM, Stephen Harris <lists at spuddy.org> wrote:
>
>> many "false" positives. There is no definitive RFC requirement that the
>> mapping has to match.
>
> But it's a standard security feature (on Solaris NFS server it was
> added around 1996, I think).  Without the match I could set my servers
> IP address to be "mail.google.com".  No one should believe me unless
> a forward lookup matches.  It is commonly considered "broken" for rDNS
> to return a value that doesn't match forward DNS.

If you say something is "broken", you should quote the RFC with the
MUST requirement that it breaks.  I don't think there is one for this.
 The forward and reverse naming control is delegated 2 different ways
and may not be under the same person's control.   It is also
relatively common to have multi-homed hosts with the same name for
multiple interfaces, or connections that go through NAT where the host
doesn't even know what source address will appear on its connections.

-- 
  Les Mikesell
     lesmikesell at gmail.com