On 2011-11-08 12:05 , Mark Andrews wrote:
In message <4EB8F028.8040607@dds.nl>, Seth Mos writes: [..] Sounds like FUD. Who has trusted the contents of a PTR record in the last 2 decades?
Lots of tools (read: SSH, Spam-checks, oh and IRCd's ;) trust PTR, but only if the reverse => forward => reverse. And you don't want to know how many silly people enable the "if user comes from .in they must be from Indonesia^WIndia thus block them" Apache option as recently mentioned on this very thread. Also, note that your precious operating system will likely store the PTR, sometimes even without doing the reverse->forward->reverse check. As such, you set up a PTR + Forward properly for a host, try to 'hack' a box by password guessing, the log entries will only have the PTR recorded, and you just drop the PTR+Forward from DNS (as they are under your control) the admin comes in, sees all those nice hosts in their logs but as it is gone from DNS will never ever find you. This especially goes for 'who' (utmp) which makes that mistake. Fortunately SSH at least logs both IP + hostname, the more info the better. That said though the PTR->forward->PTR check is a proper check and a really great way to figure out if the source SMTP host was actually set up with at least some admin doing it the right way. If they can't be bothered to set that up, why should you bother to accept that mail, or a better choice, just score it a bit negatively at least. Greets, Jeroen