Verify return-path for incoming messages

[foxcpp]

Following conditions should be met for verification to pass:

• rDNS domain of source server's IP should be equal to the hostname value presented in EHLO/HELO command
• Hostname domain presented in EHLO/HELO command should resolve to source server's IP address
• Domain in MAIL FROM should have MX record pointing to the source server

These checks are built on the assumption that we have a DNSSEC-enabled resolver and the source server does have DNSSEC enabled.

[foxcpp]

I wonder whether we should require rDNS records to be present for the source server. Gmail requires that and so any legitimate and properly configured mail server that wants to work with it (almost all?) should have it.

[jpsamaroo]

Counter-argument to requiring rDNS - I run a mailserver at home but my ISP won't configure rDNS since I don't host from a business plan (and they won't let me upgrade to one...). This breaks sending to only a limited number of recipients, and most mailservers seem to not care about rDNS and receive my email just fine.

[foxcpp]

Alright, we will leave the rDNS check turned off by default then.

[foxcpp]

I wonder if we should define something to run these checks before client sends us a body to not waste traffic on messages that will be rejected anyway.

[foxcpp]

@NamedKitten is working on it (run and hide, kitten is using git)

[emersion]

I wonder if we should define something to run these checks before client sends us a body to not waste traffic on messages that will be rejected anyway.

Should probbaly be done by optimizing the whole pipeline to be streaming instead.