You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2022/01/19 14:13:00 UTC

[jira] [Created] (JAMES-3706) FCrDNS SMTP hook + audit of ValidSenderDomainHandler

Benoit Tellier created JAMES-3706:
-------------------------------------

             Summary: FCrDNS SMTP hook + audit of ValidSenderDomainHandler
                 Key: JAMES-3706
                 URL: https://issues.apache.org/jira/browse/JAMES-3706
             Project: James Server
          Issue Type: Improvement
          Components: SMTPServer
            Reporter: Benoit Tellier


I was having a review of plugins available on Haraka to audit if we missed major areas in the plugin space (hopefully not that much except that we are globally not good at AntiSpam/AntiVirus)...

They have the Forward-confirmed reverse DNS https://github.com/haraka/haraka-plugin-fcrdns plugin. The idea: you resolve the EHLO domain, get an ip, perform the reverse DNS lookup and verify this matches the original EHLO.

James does not have such kind of checks pre-packaged. And this could easily be implemented. Please notice that this differs from the existing ValidSenderDomainHandler that only ensures the sender domain have a MX record attached to it.

Speaking of which... There's a worrying TODO within the error handling code of the DNS lookups, which essentially is ignored, allowing to bypass this check. We likely should act!



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org