Details
-
Improvement
-
Status: Closed
-
Minor
-
Resolution: Invalid
-
None
-
None
Description
I was having a review of plugins available on Haraka to audit if we missed major areas in the plugin space (hopefully not that much except that we are globally not good at AntiSpam/AntiVirus)...
They have the Forward-confirmed reverse DNS https://github.com/haraka/haraka-plugin-fcrdns plugin. The idea: you resolve the EHLO domain, get an ip, perform the reverse DNS lookup and verify this matches the original EHLO.
James does not have such kind of checks pre-packaged. And this could easily be implemented. Please notice that this differs from the existing ValidSenderDomainHandler that only ensures the sender domain have a MX record attached to it.
Speaking of which... There's a worrying TODO within the error handling code of the DNS lookups, which essentially is ignored, allowing to bypass this check. We likely should act!