spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mouss <>
Subject Re: [OT?] rDNS tomfoolery - "localhost"
Date Wed, 08 Oct 2008 19:39:54 GMT
John Hardin a écrit :
> All:
> I've recently come across some anomalous behavior in Vista and Win2k3
> when confronted with a host's rDNS returning "localhost". It seems
> Vista and Win2k3 replace this with the local hostname. To illustrate:
>    ping -a
AFAIK, "-a" doesn't change how ping works. the only thing it adds is to
show the PTR. but ping will contact the IP.

> (Note: this isn't new, some searching reveals a blog post about it a
> year ago.)
> Is this a recognized spammer tactic to try to take advantage of
> poorly-implemented whitelisting?

if paranoia mode is on, may be. but I doubt it's the case here (setting
the PTR to or the like may be more "effective")

Looks like a zone with a wildcard, and the PTR is set to localhost (a
default value in the tool that generated the zone?).

$ host domain name pointer localhost.
$ host domain name pointer localhost.

> Does anybody know if this is a known security risk? (e.g. can a
> webserver with rDNS set to "localhost" bypass any IE security features?)

While shit has happened too many times, I don't see why a browser would
do PTR lookup when given an IP.

View raw message