> but...). Now, if 1.2.3.4 has proper matching forward/reverse DNS lookups,=
I don't see how people behind someone else's NAT pose a problem.
Remember, we're talking about matching hostnames to reverse lookups.
My understanding is that we are talking about:
(a) Doing a reverse lookup on the IP address, and getting a name.
(b) Doing a forward lookup on that name, and making sure you get the
right IP address back.
That works fine with or without NAT.
The hostname that is configured on the actual workstation is
irrelevant. (And is also unknwon (to the target of the connection) for
many protocols.)
-- Brett
No, not the security part of the thread, the mail filter part of the
thread. Sorry, should have specified.
Shawn McMahon wrote:
My understanding is that we are talking about:
(a) Doing a reverse lookup on the IP address, and getting a name.
(b) Doing a forward lookup on that name, and making sure you get
the right IP address back.
No, not the security part of the thread, the mail filter part of the
thread. Sorry, should have specified.
... unless the person running the mail server configures it to use the
publicly-visible hostname instead of deriving a hostname from OS
information. That's how I have my sendmail.cf file configured at home.
It doesn't seem to have any problems.
Of course, mail server distributions don't come preconfigured this way,
so it will still cause problems for those who are unable/unwilling to
hack their sendmail.cf file.
-- David