dns: add HELO/PTR consistency check

Compare the HELO/EHLO hostname announced by the sending server (first Received hop) against the sender IP's PTR records, surfacing the same signal as x-ptr/policy.ptr in Authentication-Results. Adds helo_hostname and helo_ptr_match to DNSResults, applies a 15-point PTR sub-score penalty on mismatch, and displays the result in a new HELO/PTR Consistency card.
2026-06-06 13:27:35 +09:00 · 2026-06-06 13:27:35 +09:00 · e168446b44
commit e168446b44
parent 27dcb1b0c3
10 changed files with 460 additions and 0 deletions
--- a/web/src/lib/components/AuthenticationCard.svelte
+++ b/web/src/lib/components/AuthenticationCard.svelte
@ -170,6 +170,54 @@
            </div>
        {/if}

+        <!-- X-Ptr (HELO / reverse DNS consistency) -->
+        {#if authentication.x_ptr}
+            <div class="list-group-item" id="authentication-x-ptr">
+                <div class="d-flex align-items-start">
+                    <i
+                        class="bi {getAuthResultIcon(
+                            authentication.x_ptr.result,
+                            true,
+                        )} {getAuthResultClass(authentication.x_ptr.result, true)} me-2 fs-5"
+                    ></i>
+                    <div>
+                        <strong>HELO / PTR</strong>
+                        <i
+                            class="bi bi-info-circle text-muted ms-1"
+                            title="Checks that the HELO/EHLO hostname announced by the sending server matches the sender IP's reverse DNS (PTR) record."
+                        ></i>
+                        <span
+                            class="text-uppercase ms-2 {getAuthResultClass(
+                                authentication.x_ptr.result,
+                                true,
+                            )}"
+                        >
+                            {authentication.x_ptr.result}
+                        </span>
+                        {#if authentication.x_ptr.helo}
+                            <div class="small">
+                                <strong>Announced HELO:</strong>
+                                <span class="text-muted">{authentication.x_ptr.helo}</span>
+                            </div>
+                        {/if}
+                        {#if authentication.x_ptr.ptr}
+                            <div class="small">
+                                <strong>Reverse DNS (PTR):</strong>
+                                <span class="text-muted">{authentication.x_ptr.ptr}</span>
+                            </div>
+                        {/if}
+                        {#if authentication.x_ptr.details}
+                            <pre
+                                class="p-2 mb-0 {$theme === 'light'
+                                    ? 'bg-light'
+                                    : 'bg-secondary'} text-muted small"
+                                style="white-space: pre-wrap">{authentication.x_ptr.details}</pre>
+                        {/if}
+                    </div>
+                </div>
+            </div>
+        {/if}
+
        <!-- SPF (Required) -->
        <div class="list-group-item">
            <div class="d-flex align-items-start" id="authentication-spf">