[ngw] GWIA question for y'all

Tom Kearns tkea at loc.gov
Thu Jul 26 13:20:44 UTC 2001


The proposed change sounds good.

>>> mblackham at gw.novell.com 07/20/01 04:53PM >>>
Currently GWIA has an option, Reject Mail if Senders Identity cannot
be Verified, or the /rjbs option.  It works like this:

1.  On inbound connection, GWIA gets the IP address of the sender and
does a reverse DNS lookup to find the PTR record associated with the
IP address.

2.  Compares the DNS results of 1. to the sender's announced domain
name.

3.  If 1 does not equal 2,  then GWIA refused the connection.

Here's the problems associated with enabling this switch.  If there
is no PTR record, connection is refused.  I don't have a problem with
this.  The other problem is that rarely do the PTR record and the
annouced domain name match.  For example, my GWIA is on a box whose
host name is gwia.novell.com, however, his foreign ID is just novell
com.  So basically any GWIA with /rjbs enable will refuse a connection
from me.

We are thinking about changing this to allow the connection if and
only if a valid PTR record is found, not comparing it to the domain
name.  Does anyone have a problem with us doing this?????  There are 2
advantages to us doing this:

1.  Makes the /rjbs option workable in refusing spammers while
allowing valid hosts to connect

2.  Allows us to better enable GWIA in a clustered environment, where
the IP address GWIA is on may change but the domain name (foreign ID)
does not.  Currently with GWIA in a cluster,  other GWIA's may reject
his connection if he's on a node other than a default node.

Let me know what y'all think.

Morris


--
Visit http://www.ngwlist.com for help with the list.
Visit http://www.concentrico.net for GroupWise, NDS, and DirXML
development needs and product information.




More information about the ngw mailing list