[ngw] GWIA question for y'all
tkea at loc.gov
Thu Jul 26 13:20:44 UTC 2001
The proposed change sounds good.
>>> mblackham at gw.novell.com 07/20/01 04:53PM >>>
Currently GWIA has an option, Reject Mail if Senders Identity cannot
be Verified, or the /rjbs option. It works like this:
1. On inbound connection, GWIA gets the IP address of the sender and
does a reverse DNS lookup to find the PTR record associated with the
2. Compares the DNS results of 1. to the sender's announced domain
3. If 1 does not equal 2, then GWIA refuses the connection.
Here are the problems associated with enabling this switch. If there
is no PTR record, connection is refused. I don't have a problem with
this. The other problem is that rarely do the PTR record and the
announced domain name match. For example, my GWIA is on a box whose
host name is gwia.novell.com, however, his foreign ID is just
novell.com. So basically any GWIA with /rjbs enabled will refuse a connection
We are thinking about changing this to allow the connection if and
only if a valid PTR record is found, not comparing it to the domain
name. Does anyone have a problem with us doing this????? There are 2
advantages to us doing this:
1. Makes the /rjbs option workable in refusing spammers while
allowing valid hosts to connect
2. Allows us to better enable GWIA in a clustered environment, where
the IP address GWIA is on may change but the domain name (foreign ID)
does not. Currently with GWIA in a cluster, other GWIAs may reject
his connection if he's on a node other than a default node.
Let me know what y'all think.
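
The two behaviours discussed in this thread, side by side, as an added example that is not part of the original post and is not GWIA code. The function names, the PTR table and the 192.0.2.x addresses are constructed for illustration, and "valid PTR record" is assumed to mean that a PTR exists and is a well-formed host name.

```python
import re

# Constructed stand-in for reverse DNS so the example runs offline.
# 192.0.2.0/24 is a documentation range; these mappings are illustrative.
PTR = {
    "192.0.2.10": "gwia.novell.com",   # host name differs from foreign ID
    "192.0.2.11": "node2.novell.com",  # same GWIA after moving cluster node
    "192.0.2.99": "mail.example.net",  # PTR equals the announced domain
    # 192.0.2.50 deliberately has no PTR record
}

# Assumption: "valid" means a syntactically well-formed DNS host name.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def ptr_lookup(ip, table=PTR):
    """Return the normalised PTR name for ip, or None when there is none."""
    name = table.get(ip)
    return name.rstrip(".").lower() if name else None

def strict_rjbs(ip, announced, table=PTR):
    """Behaviour described in steps 1-3: PTR must equal the announced domain."""
    ptr = ptr_lookup(ip, table)
    return ptr is not None and ptr == announced.rstrip(".").lower()

def proposed_rjbs(ip, announced, table=PTR):
    """Proposed behaviour: a well-formed PTR is enough; announced is ignored."""
    ptr = ptr_lookup(ip, table)
    return ptr is not None and HOSTNAME.match(ptr) is not None

def decisions(cases, table=PTR):
    """Evaluate both policies for each (ip, announced domain) pair."""
    return [(ip, dom, strict_rjbs(ip, dom, table), proposed_rjbs(ip, dom, table))
            for ip, dom in cases]

CASES = [
    ("192.0.2.10", "novell.com"),        # the gwia.novell.com example
    ("192.0.2.11", "novell.com"),        # clustered GWIA on another node
    ("192.0.2.99", "mail.example.net"),  # exact match
    ("192.0.2.50", "novell.com"),        # no PTR at all
]

if __name__ == "__main__":
    for ip, dom, strict, proposed in decisions(CASES):
        print(f"{ip:11} announced={dom:17} "
              f"strict={'accept' if strict else 'reject'} "
              f"proposed={'accept' if proposed else 'reject'}")
```

Under the proposed rule the announced domain plays no part in the decision, so the check only establishes that whoever controls reverse DNS for the connecting address has published a PTR.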