Uploaded image for project: 'James Server'
  1. James Server
  2. JAMES-3706

FCrDNS SMTP hook + audit of ValidSenderDomainHandler

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • None
    • None
    • SMTPServer

    Description

      I was having a review of plugins available on Haraka to audit if we missed major areas in the plugin space (hopefully not that much except that we are globally not good at AntiSpam/AntiVirus)...

      They have the Forward-confirmed reverse DNS https://github.com/haraka/haraka-plugin-fcrdns plugin. The idea: you resolve the EHLO domain, get an ip, perform the reverse DNS lookup and verify this matches the original EHLO.

      James does not have such kind of checks pre-packaged. And this could easily be implemented. Please notice that this differs from the existing ValidSenderDomainHandler that only ensures the sender domain have a MX record attached to it.

      Speaking of which... There's a worrying TODO within the error handling code of the DNS lookups, which essentially is ignored, allowing to bypass this check. We likely should act!

      Attachments

        Activity

          People

            Unassigned Unassigned
            btellier Benoit Tellier
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: