-
-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] verifier_domain is used as HELO argument and has much stricter requirements #18
Comments
Update linters config Update linter config Fix typo Refactor, add raise_unless method Refactor Update gem version Add base worker class, implement inheritance pattern Refactor namespaces Typo fix Add Truemail::Auditor, Truemail::Auditor::Result tests Update Truemail defined constants Add tests Complete Audit::Ptr tests Add host_audit tests Update readme Update test
Hi, @AlexeyDemidov! Checkout PTR check feature in last gem release. What you think about SPF, DKIM and DMARC implementation for next auditor feature? |
I would suggest passing an IP to test as a parameter to There is a missing step in PTR verification - it checks that PTR matches Regarding SPF, DKIM and DMARC - it could be useful to implement DMARC and SPF checks as a part of sender verification functionality (DKIM is impossible to check on SMTP level) but parsing these DNS records is quite complex, so it will be necessary to use 3rd party gems to implement it (https://github.com/trailofbits/dmarc and https://github.com/trailofbits/spf-query). In long term it would be probably better to split sender verification functions into a separate gem. |
Alexey, thank for your details! I have fixed it. Cheers! |
As
verifier_domain
is used as HELO/EHLO argument during SMTP session it has much stricter requirements than the documentation implies and default value derived fromverifier_domain
can cause failure to establish SMTP session. By RFC 5321 HELO/EHLO argument should contain FQDN of the server which initiated SMTP session, and many SMTP servers implement strict HELO checks where they check that IP which initiated connection has PTR record which matches FQDN presented in HELO. So, if this check is run on a server with IP 1.2.3.4 which has PTR record 1-2-3-4.hosterdomain.com then HELO argument should be 1-2-3-4.hosterdomain.com and also you need to make sure that 1-2-3-4.hosterdomain.com resolves into 1.2.3.4The text was updated successfully, but these errors were encountered: