doveadm who reverse dns lookups

Joseph Tam jtam.home at gmail.com
Wed Jul 25 23:44:55 EEST 2018


On Tue, 24 Jul 2018, Michael Grant wrote:

> However, it would definitely save me a step in figuring out where
> someone was logged in from to know if it?s legit.

Or not.  The IP address being logged is reliable, the PTR lookup is in the
hands of that zone's DNS operators, who could spoof any FQDN they want.
If you're concentrating on one/few case(s), it's worth deep diving.
If you're analyzing an entire log file, use a script.

Joseph Tam <jtam.home at gmail.com>


More information about the dovecot mailing list