On Fri, Nov 07, 2008 at 04:45:57PM +0100, mouss wrote:
>
>> With hostnames there is a bigger change of failure (by just using a domain
>> instead of exact hostname, letting f.e. dialup users from the domain forge
>> the path).

>
> not sure I understand. people can't easily forge their rdns (in the


What I meant was more of a configuration error from admin.

I.e. whitelist_from_rcvd *@foo.bar orange.fr domain.wl

We already know this is a bad way (maybe dynamic orange users) even
currently. I don't know if there is much chance of second+ level failure, it
could be overlooked more easily:

whitelist_from_rcvd *@foo.bar smtp*.orange.fr domain.wl

Maybe domain.wl has dynamic users or some other bad servers? Who knows. I
agree it's a bit far fetched and easily corrected when spotted. Maybe there
could be even an failsafe option to detect "bad" received hosts.

I probably would start using this if implemented. Hostname support also in
trusted_networks would be especially handy. Good ideas, too little time to
code..