Subject: Re: postfix rDNS verification and getaddrinfo()
To: None <wolfgang+gnus20030815T141901@wsrcc.com>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: tech-net
Date: 08/16/2003 06:52:05
> I'm trying to track down why pkgsrc's postfix doesn't verify a
> hostname lookup for me this morning.  Situation:
> 
>         connection from [1.2.3.4]
>         rDNS lookup yields name foo.example.com
>         DNS verification of foo.example.com yields one IP address, 
>                 [5.6.7.8].  (Note this address is NOT the address 
>                 from step #1.  We have a very clear forgery.)
>         postfix incorrectly accepted the name foo.example.com[1.2.3.4]
> 
> The ipv6 patches look like they no longer verify the IP address at
> all.  There is a lookup done of the name, but the resulting IP address
> or addresses are never checked against anything.  Is there something
> that getaddrinfo() is doing behind the scenes?  There is a comment in
> the code that "memcmp() isn't needed if we use getaddrinfo".  I don't
> understand that comment.
> 
>  /usr/pkgsrc/mail/postfix/work/postfix-2.0.13/src/qmqpd/qmqpd_peer.c:180:
> 
> 	    memset(&hints, 0, sizeof(hints));
> 	    hints.ai_family = AF_UNSPEC;
> 	    hints.ai_socktype = SOCK_STREAM;
> 	    error = getaddrinfo(state->name, NULL, &hints, &rnull);
> 	    if (error) {
> 		msg_warn("%s: hostname %s verification failed: %s",
> 		         state->addr, state->name, GAI_STRERROR(error));
> 		REJECT_PEER_NAME(state);
> 	    }
> 	    /* memcmp() isn't needed if we use getaddrinfo */
> 	    if (rnull)
> 		freeaddrinfo(rnull);
> 
> Is this the bug?

	looks like it is a bug in IPv6 patch.  we should at least do
	getnameinfo() to reverse-lookup it.

itojun
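
The comparison that the quoted code never performs, as an added example that is not part of the original message, of postfix, or of the IPv6 patch: resolve the name obtained from reverse DNS and accept it only if one of the returned addresses equals the peer's address. The function names `same_ip` and `peer_name_confirmed` are hypothetical.

```c
#include <netdb.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Return 1 if both socket addresses carry the same IP address (port ignored). */
static int same_ip(const struct sockaddr *a, const struct sockaddr *b)
{
    if (a->sa_family != b->sa_family)
        return 0;
    if (a->sa_family == AF_INET)
        return memcmp(&((const struct sockaddr_in *)a)->sin_addr,
                      &((const struct sockaddr_in *)b)->sin_addr,
                      sizeof(struct in_addr)) == 0;
    if (a->sa_family == AF_INET6)
        return memcmp(&((const struct sockaddr_in6 *)a)->sin6_addr,
                      &((const struct sockaddr_in6 *)b)->sin6_addr,
                      sizeof(struct in6_addr)) == 0;
    return 0;
}

/*
 * Forward-confirm a name obtained from reverse DNS (hypothetical helper).
 * Returns 1 if the name resolves to the peer's address, 0 if it resolves
 * only to other addresses (treat the name as forged), -1 if lookup fails.
 */
int peer_name_confirmed(const char *name, const struct sockaddr *peer)
{
    struct addrinfo hints, *res = NULL, *ai;
    int found = 0;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(name, NULL, &hints, &res) != 0)
        return -1;
    /* getaddrinfo() only resolves; the caller must compare every result. */
    for (ai = res; ai != NULL && !found; ai = ai->ai_next)
        found = same_ip(ai->ai_addr, peer);
    freeaddrinfo(res);
    return found;
}
```

A caller would reject the peer name on any return value other than 1. The sketch does not treat an IPv4-mapped IPv6 peer address (::ffff:a.b.c.d) as equal to the plain IPv4 address.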