I'm trying to track down why pkgsrc's postfix doesn't verify a
hostname lookup for me this morning.  Situation:

        connection from [1.2.3.4]
        rDNS lookup yields name foo.example.com
        DNS verification of foo.example.com yields one IP address, 
                [5.6.7.8].  (Note this address is NOT the address 
                from step #1.  We have a very clear forgery.)
        postfix incorrectly accepted the name foo.example.com[1.2.3.4]

The ipv6 patches look like they no longer verify the IP address at
all.  There is a lookup done of the name, but the resulting IP address
or addreses are never checked against anything.  Is there something
that getaddrinfo() is doing behind the scenes?  There is a comment in
the code that "memcmp() isn't needed if we use getaddrinfo".  I don't
understand that comment.

 /usr/pkgsrc/mail/postfix/work/postfix-2.0.13/src/qmqpd/qmqpd_peer.c:180:

	    memset(&hints, 0, sizeof(hints));
	    hints.ai_family = AF_UNSPEC;
	    hints.ai_socktype = SOCK_STREAM;
	    error = getaddrinfo(state->name, NULL, &hints, &rnull);
	    if (error) {
		msg_warn("%s: hostname %s verification failed: %s",
		         state->addr, state->name, GAI_STRERROR(error));
		REJECT_PEER_NAME(state);
	    }
	    /* memcmp() isn't needed if we use getaddrinfo */
	    if (rnull)
		freeaddrinfo(rnull);

Is this the bug?

-wolfgang
-- 
Wolfgang S. Rupprecht 		     http://www.wsrcc.com/wolfgang/
(NOTE: The email address above is valid.  Edit it at your own peril.)