Performance Issues - PTR Records

Jeroen Massar jeroen at unfix.org
Tue Nov 8 11:13:54 UTC 2011


On 2011-11-08 12:05 , Mark Andrews wrote:
> In message <4EB8F028.8040607 at dds.nl>, Seth Mos writes:
[..]
> Sounds like FUD.  Who has trusted the contents of a PTR record in the
> last 2 decades?

Lots of tools (read: SSH, spam checks, oh and IRCds ;) trust the PTR, but
only if the reverse => forward => reverse check passes. And you don't want
to know how many silly people enable the "if the user comes from .in they
must be from Indonesia^WIndia, thus block them" Apache option, as recently
mentioned on this very thread.

Also, note that your precious operating system will likely store the
PTR, sometimes even without doing the reverse->forward->reverse check.

As such: you set up a PTR + forward properly for a host, try to 'hack' a
box by password guessing, and the log entries will only have the PTR
recorded. You then just drop the PTR + forward from DNS (as they are under
your control); the admin comes in, sees all those nice hosts in their
logs, but as they are gone from DNS will never ever find you. This
especially goes for 'who' (utmp), which makes that mistake. Fortunately
SSH at least logs both IP + hostname; the more info the better.


That said, though, the PTR->forward->PTR check is a proper check and a
really great way to figure out if the source SMTP host was actually set
up with at least some admin doing it the right way. If they can't be
bothered to set that up, why should you bother to accept that mail? Or, a
better choice, just score it a bit negatively at least.

Greets,
 Jeroen
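The forward-confirmed reverse DNS check and the logging mistake described in the message above, as an added example that is not part of the original post or of any of the tools it names. The zone data is constructed (documentation prefixes 198.51.100.0/24, 203.0.113.0/24 and 2001:db8::/32 only) and the Resolver class is an in-memory stand-in so the block runs offline; for live lookups replace Resolver.query() with dnspython or socket calls. It shows a PTR with a matching forward passing the check, a spoofed PTR failing it, and how a name-only log entry becomes untraceable once the owner withdraws their own records while an entry that keeps the address does not.

```python
import ipaddress

# Constructed zone standing in for live DNS: owner name -> {rtype: [rdata, ...]}.
ZONE = {
    # Properly set up mail host: PTR and A agree.
    "25.100.51.198.in-addr.arpa.": {"PTR": ["mail.example.com."]},
    "mail.example.com.": {"A": ["198.51.100.25"]},
    # IPv6 mail host, also consistent (nibble-form owner name built the same way fcrdns builds it).
    ipaddress.ip_address("2001:db8::25").reverse_pointer + ".": {"PTR": ["mail6.example.com."]},
    "mail6.example.com.": {"AAAA": ["2001:db8::25"]},
    # Spoofed PTR: claims to be mail.example.com, but the forward does not point back here.
    "9.113.0.203.in-addr.arpa.": {"PTR": ["mail.example.com."]},
    # Attacker-controlled host whose PTR + forward pair is consistent, so it passes the check.
    "7.113.0.203.in-addr.arpa.": {"PTR": ["box7.attacker.example."]},
    "box7.attacker.example.": {"A": ["203.0.113.7"]},
}


class Resolver:
    """Minimal resolver over a copy of the zone; the owner can withdraw records at will."""

    def __init__(self, zone):
        self.zone = {name: {t: list(v) for t, v in recs.items()} for name, recs in zone.items()}

    def query(self, name, rtype):
        """Return rdata list for (name, rtype); empty list means NXDOMAIN/NODATA."""
        return list(self.zone.get(name, {}).get(rtype, []))

    def withdraw(self, *names):
        """Simulate the zone owner deleting records (they control both PTR and forward)."""
        for name in names:
            self.zone.pop(name, None)


def fcrdns(ip, resolver):
    """Reverse -> forward -> reverse. Returns (status, hostname_or_None).

    status is 'confirmed' (a PTR target resolves back to ip), 'mismatch'
    (PTR exists but no target points back) or 'no_ptr'.
    """
    addr = ipaddress.ip_address(ip)
    ptrs = resolver.query(addr.reverse_pointer + ".", "PTR")
    if not ptrs:
        return "no_ptr", None
    rtype = "AAAA" if addr.version == 6 else "A"
    for host in ptrs:
        forward = {ipaddress.ip_address(a) for a in resolver.query(host, rtype)}
        if addr in forward:
            return "confirmed", host
    return "mismatch", ptrs[0]


def utmp_style(ip, resolver):
    """The mistake from the post: store the unchecked PTR name and throw the address away."""
    ptrs = resolver.query(ipaddress.ip_address(ip).reverse_pointer + ".", "PTR")
    return ptrs[0] if ptrs else str(ip)


def sshd_style(ip, resolver):
    """Keep both: the address is the durable fact, the (checked) name is a convenience."""
    status, host = fcrdns(ip, resolver)
    return f"{ip} ({host or 'unknown'}) fcrdns={status}"


def trace_logged_host(host, resolver):
    """What an admin can still do later with a name-only log entry: resolve it forward."""
    return resolver.query(host, "A") + resolver.query(host, "AAAA")


def smtp_penalty(ip, resolver):
    """Score rather than reject: no PTR or a mismatch costs points, a confirmed pair costs none.
    The weights are assumptions for illustration, not values from any real filter."""
    return {"confirmed": 0.0, "mismatch": 1.5, "no_ptr": 2.5}[fcrdns(ip, resolver)[0]]


if __name__ == "__main__":
    r = Resolver(ZONE)
    for ip in ("198.51.100.25", "2001:db8::25", "203.0.113.9", "203.0.113.11"):
        print(sshd_style(ip, r), "penalty", smtp_penalty(ip, r))
    # Attacker scenario: consistent records while guessing passwords, withdrawn afterwards.
    name_only = utmp_style("203.0.113.7", r)
    with_addr = sshd_style("203.0.113.7", r)
    r.withdraw("7.113.0.203.in-addr.arpa.", "box7.attacker.example.")
    print("utmp-style entry:", name_only, "-> resolves to", trace_logged_host(name_only, r))
    print("sshd-style entry:", with_addr, "-> address still usable after records vanish")
```

The check is deliberately per-PTR-target: an address may have several PTRs, and it is enough for one of them to resolve back. Note that the attacker's host passes FCrDNS while the records exist, which is exactly why the address, not the name, must be what the log retains.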




More information about the NANOG mailing list