[Mimedefang] validating 'possibly forged' helo IP's?

Gary Funck gary at intrepid.com
Thu Jan 12 10:43:46 EST 2006


I need a program that will convert a HELO IP address into a
FQDN with some confidence.  I've prototyped one, below.
Is it doing the right thing?  Couple of questions:

1. Is it okay to use the first (and only the first) PTR record?
2. Is it okay to use the (default) recursive search?
3. Is it okay to use the first "A" record to validate
   the name returned by rDNS?
4. Does this seem like a reasonable way to validate a HELO IP
   address and convert it into a useable HELO address?

thanks, - Gary



---- dns.pl ----------
#!/usr/bin/perl -w
use strict;
use Net::DNS;
my $res = Net::DNS::Resolver->new;    # DNS resolver object
my $ip = shift;
# Anchor the pattern so the whole argument must be a dotted quad
if ($ip =~ /\A(\d+\.){3}\d+\z/) {
  my $dns_query = $res->search($ip);
  my $domain_name;
  my $rdns;
  if ($dns_query) {
    for my $rr ($dns_query->answer) {
      next unless $rr->type eq "PTR";
      $rdns = $rr->ptrdname;
      last;
    }
    if (defined($rdns)) {
      $dns_query = $res->search($rdns);
      if ($dns_query) {
        for my $rr ($dns_query->answer) {
          next unless $rr->type eq "A";
          $domain_name = $rr->name; 
          last;
        }
        if (defined($domain_name)) {
          print "domain: $domain_name\n";
        } else {
          print STDERR "no A record for $rdns\n";
          exit 2;
        }
      } else {
        print STDERR "cannot resolve rDNS $rdns\n";
        exit 2;
      }
    } else {
      print STDERR "no PTR record for $ip\n";
      exit 2;
    }
  } else {
    print STDERR "ip: $ip not found\n";
    exit 2;
  }
} else {
  print STDERR "not an IP address: $ip\n";
  exit 2;
}
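
Added example, not part of the original post: a forward-confirmed reverse DNS check that walks every PTR name and every A record and accepts a name only when one of its A records equals the connecting IP. The lookup tables are constructed sample data, and lookup_ptr, lookup_a and confirmed_name are hypothetical names used here in place of live Net::DNS queries.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data standing in for DNS (documentation address ranges).
my %PTR = (
    '192.0.2.10'   => ['mail.example.org.'],
    '192.0.2.20'   => ['alias.example.net.', 'mx2.example.org.'],
    '198.51.100.7' => ['mail.example.org.'],   # PTR claims a name it does not own
);
my %A = (
    'mail.example.org'  => ['192.0.2.10'],
    'mx2.example.org'   => ['192.0.2.21', '192.0.2.20'],
    'alias.example.net' => ['203.0.113.5'],
);

# Hypothetical lookup callbacks. With Net::DNS they would wrap
# $res->query($ip, 'PTR') and $res->query($name, 'A') and collect
# ptrdname / address from every answer record of the matching type.
sub lookup_ptr { @{ $PTR{ $_[0] } || [] } }
sub lookup_a   { @{ $A{ $_[0] }   || [] } }

# Lower-case the name and drop the trailing root dot before comparing.
sub normalize { my $n = lc shift; $n =~ s/\.$//; return $n }

# Returns the first PTR name whose A records include $ip, or undef.
sub confirmed_name {
    my ($ip, $ptr_cb, $a_cb) = @_;
    return unless $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    return if grep { $_ > 255 } $1, $2, $3, $4;
    for my $name (map { normalize($_) } $ptr_cb->($ip)) {
        # The PTR zone is controlled by whoever owns the address block, so
        # the name counts only if its forward records point back at $ip.
        return $name if grep { $_ eq $ip } $a_cb->($name);
    }
    return;
}

for my $ip (qw(192.0.2.10 192.0.2.20 198.51.100.7 203.0.113.99 1.2.3)) {
    my $name = confirmed_name($ip, \&lookup_ptr, \&lookup_a);
    printf "%-14s %s\n", $ip, defined $name ? "confirmed: $name" : "unconfirmed";
}
```

The 192.0.2.20 entry is confirmed only through its second PTR name and that name's second A record, and 198.51.100.7 stays unconfirmed because its PTR name resolves to a different address.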
