[Mimedefang] validating 'possibly forged' helo IP's?
James Ebright
jebright at esisnet.com
Sun Jan 15 19:54:08 EST 2006
Yeah, that is exactly what you have to do if you need to delegate the IP
space as the ISP... I was also speaking about generating the relevant
zone file containing the PTR records (the in.addr-arpa records) and we
solved the classless delegation issue by simply requiring customers that
want more than a single static IP address to complete ARIN forms to
justify their use and need (since we have to do the same if we want more
space ourselves!) and there is no space on our forms to select something
arbitrary like.. 7 IPs hehe. I have no issues doing classless routing...
but IP delegation is so much simpler all around if kept classfull. (and
honestly, you can assign a customer a /29 and a /32 and give them 7
usable addresses if they absolutely require only 7 IPs, so it is easy to
play with).
In either case, you still need to generate your in.addr-arpa zones...
and that is what I was referring to. :-)
Jim
Kenneth Porter wrote:
> --On Saturday, January 14, 2006 9:41 PM -0500 James Ebright
> <jebright at esisnet.com> wrote:
>
>> It is trivial to setup PTR records for any size of IP space, you are
>> talking about less than 20 lines of shell code for a fairly complex
>> setup, can do it in one typed in for loop if you want.... so there
>> really
>> is no excuse to not have any PTR records at all.
>
>
> There's macro syntax in BIND for doing exactly this, and it's what's
> commonly used by the ISP to create the delegation for blocks that
> don't fall on subnet boundaries (AKA "classless delegation"). Look for
> "$GENERATE".
>
> Here's one approach:
>
> <http://homepages.tesco.net/~J.deBoynePollard/FGA/
> avoid-rfc-2317-delegation.html>
> _______________________________________________
> NOTE: If there is a disclaimer or other legal boilerplate in the above
> message, it is NULL AND VOID. You may ignore it.
>
> Visit http://www.mimedefang.org and http://www.roaringpenguin.com
> MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
More information about the MIMEDefang
mailing list