Re: SMTP client host name spoofing

  • Vincent Lefevre
    Message 1 of 30 , Apr 3, 2011
      On 2011-04-04 01:53:15 +0200, Reindl Harald wrote:
      > > But the purpose of having a host in DNS is to be able to resolve it.
      > > I mean: you can't have a real hostname in the DNS if it is on a private
      > > network (unreachable because of NAT), can you? Well... I'm not sure.
      > > See below
      >
      > why not?

      Because strictly speaking, due to NAT, the DNS would lie. I mean that
      the address would not be the address of the machine sending the mail,
      but the address of the router.

      > * you have a public ip
      > * make a a-record in some domain to this ip
      > * your isp have a ptr for this ip
      > * myhostname = your a-record
      >
      > EHLO/HELO, A, PTR are matching
      > where is the problem?

      They won't even necessarily match for some machines. For instance,
      one of them is a laptop, which is not always on the same network.
      I suppose that should not be a problem, but who knows...

      Even an address literal in square brackets isn't reliable: I had been
      testing this for a couple of weeks and I got a reject a few minutes
      ago:

      Helo command rejected: IP literal in HELO hostname (in
      reply to RCPT TO command)

      --
      Vincent Lefèvre <vincent@...> - Web: <http://www.vinc17.net/>
      100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
      Work: CR INRIA - computer arithmetic / Arénaire project (LIP, ENS-Lyon)
    • Reindl Harald
      Message 2 of 30 , Apr 3, 2011
        Am 04.04.2011 02:22, schrieb Vincent Lefevre:
        >> why not?
        >
        > Because strictly speaking, due to NAT, the DNS would lie. I mean that
        > the address would not be the address of the machine sending the mail,
        > but the address of the router.

        nobody out there is interested in your NAT

        the server on the other side is seeing only your public address
        and your public address has a hostname / PTR and your postfix should
        match this hostname

        the DNS does not lie, you never connect outside with anything of your
        NAT because the nature of NAT is to be transparent

        >> EHLO/HELO, A, PTR are matching
        >> where is the problem?
        >
        > They won't even necessarily match for some machines. For instance,
        > one of them is a laptop, which is not always on the same network.
        > I suppose that should not be a problem, but who knows...

        that is why you should NOT send mail directly from every single machine
        and set up ONE LAN relay which normally uses a clean relay host and
        does NOT send mail directly as long as it is not needed

        so you can comment out relay-host temporarily, restart postfix
        and all other machines in your LAN are working as expected

        now you come even with "direct send from a notebook"
        jesus christ this is really ignorant!

        > Even an address literal in square brackets isn't reliable: I had been
        > testing this for a couple of weeks and I got a reject a few minutes
        > ago:
        >
        > Helo command rejected: IP literal in HELO hostname (in
        > reply to RCPT TO command)

        that is why i said "do not send directly" unless your whole
        configuration is clean (dns, HELO,...) and as long you want
        that your messages are received and not rejected or even
        silently dropped
      • Sahil Tandon
        Message 3 of 30 , Apr 3, 2011
          On Mon, 2011-04-04 at 02:38:14 +0200, Reindl Harald wrote:

          [ .. ]

          > now you come even with "direct send from a notebook"
          > jesus christ this is really ignorant!

          Please, this is a technical mailing list; let's all try to minimize the
          editorializing and insults.

          --
          Sahil Tandon <sahil@...>
        • Reindl Harald
          Message 4 of 30 , Apr 3, 2011
            Am 04.04.2011 03:08, schrieb Sahil Tandon:
            > On Mon, 2011-04-04 at 02:38:14 +0200, Reindl Harald wrote:
            >
            > [ .. ]
            >
            >> now you come even with "direct send from a notebook"
            >> jesus christ this is really ignorant!
            >
            > Please, this is a technical mailing list; let's all try to minimize the
            > editorializing and insults

            i know, but somewhere should be a point where people try to understand
            things they are told over and over or do what they want and stop
            questions if the answers do not interest them
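As an added example that is not part of the thread, the following Python check scores a client's HELO against the A/PTR picture the receiving server sees (the matching Reindl lays out in message 2) and flags the bracketed address-literal case Vincent was rejected on in message 1. The DNS data is a constructed offline fixture, and all host names, addresses and function names are assumptions.

```python
import ipaddress

# Constructed DNS fixture standing in for live A and PTR lookups so the check
# runs offline; the receiving server only ever sees the public address, so the
# tables are keyed by public IPs. Names and addresses are assumptions.
FORWARD = {"mail.example.org": {"203.0.113.10"}}   # A records
REVERSE = {"203.0.113.10": "mail.example.org"}     # PTR records


def is_address_literal(helo: str) -> bool:
    """True for HELO arguments like [203.0.113.10] or [IPv6:2001:db8::1]."""
    if not (helo.startswith("[") and helo.endswith("]")):
        return False
    inner = helo[1:-1]
    if inner.lower().startswith("ipv6:"):
        inner = inner[5:]
    try:
        ipaddress.ip_address(inner)
    except ValueError:
        return False
    return True


def check_helo(client_ip: str, helo: str, forward=FORWARD, reverse=REVERSE) -> dict:
    """Score a HELO name against the A/PTR picture the receiving side sees.

    One verdict per leg (PTR present, PTR confirms the forward name, HELO equals
    PTR, HELO resolves to the client) so an operator can log which leg is broken.
    """
    name = helo.lower()
    ptr = reverse.get(client_ip)
    return {
        "address_literal": is_address_literal(helo),
        "ptr_present": ptr is not None,
        "fcrdns": ptr is not None and client_ip in forward.get(ptr, set()),
        "helo_matches_ptr": ptr is not None and name == ptr.lower(),
        "helo_resolves_to_client": client_ip in forward.get(name, set()),
    }


def helo_consistent(client_ip: str, helo: str, **kw) -> bool:
    """The clean case from the thread: not a literal, FCrDNS holds, HELO == PTR."""
    r = check_helo(client_ip, helo, **kw)
    return not r["address_literal"] and r["fcrdns"] and r["helo_matches_ptr"]


if __name__ == "__main__":
    # A fixed host with a matching A/PTR pair, then a laptop that moved to
    # another network (198.51.100.7, constructed) but kept the same HELO.
    print(check_helo("203.0.113.10", "mail.example.org"))
    print(check_helo("198.51.100.7", "mail.example.org"))
    print(check_helo("203.0.113.10", "[203.0.113.10]"))
```

The second call shows the laptop case from message 1: the public address has no PTR and the HELO name no longer resolves to it, so every leg except the literal check fails.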