You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2022/01/19 14:13:00 UTC
[jira] [Created] (JAMES-3706) FCrDNS SMTP hook + audit of ValidSenderDomainHandler
Benoit Tellier created JAMES-3706:
-------------------------------------
Summary: FCrDNS SMTP hook + audit of ValidSenderDomainHandler
Key: JAMES-3706
URL: https://issues.apache.org/jira/browse/JAMES-3706
Project: James Server
Issue Type: Improvement
Components: SMTPServer
Reporter: Benoit Tellier
I was having a review of plugins available on Haraka to audit if we missed major areas in the plugin space (hopefully not that much except that we are globally not good at AntiSpam/AntiVirus)...
They have the Forward-confirmed reverse DNS https://github.com/haraka/haraka-plugin-fcrdns plugin. The idea: you resolve the EHLO domain, get an ip, perform the reverse DNS lookup and verify this matches the original EHLO.
James does not have such kind of checks pre-packaged. And this could easily be implemented. Please notice that this differs from the existing ValidSenderDomainHandler that only ensures the sender domain have a MX record attached to it.
Speaking of which... There's a worrying TODO within the error handling code of the DNS lookups, which essentially is ignored, allowing to bypass this check. We likely should act!
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org