Re: Comments on draft-freed-sieve-environment-04

[Kjetil Torgrim Homme <kjetilho@xxxxxxxxxx>]

On Sun, 2008-03-23 at 10:50 -0700, Ned Freed wrote:
> Also a good point. I have added:
> 
>   The remote-host environment item defined in this specification is usually
>   determined by performing a PTR DNS lookup on the client IP address. This
>   information may come from an untrusted source. For example, the test:
> 
>     if environment :matches "remote-host" "*.mydomain.com" { ... }
> 
>   is not a good way to test whether the message came from 'outside' becaus
>   anyone who can create a PTR record can create one that refers to whatever
>   domain they choose.
[...]
> 
> I think a simpler way to handle this is to say that the name will
> be blank if it cannot be resolved into a host name. How about:
> 
>  "remote-host"
>            => Host name of remote SMTP/LMTP/Submission client, if
>               applicable and available. The empty string will be returned
>               if for some reason this information cannot be obtained for
>               the current client.

sorry, I don't understand what this means.  is the existence of a PTR
record sufficient?  it seems so, given the above added caveat.  if so --
how is a script able to detect a forgery?

-- 
med venleg helsing,
Kjetil T.