dns: add HELO/PTR consistency check

Compare the HELO/EHLO hostname announced by the sending server (first Received hop) against the sender IP's PTR records, surfacing the same signal as x-ptr/policy.ptr in Authentication-Results. Adds helo_hostname and helo_ptr_match to DNSResults, applies a 15-point PTR sub-score penalty on mismatch, and displays the result in a new HELO/PTR Consistency card.
2026-06-06 13:27:35 +09:00 · 2026-06-06 13:27:35 +09:00 · e168446b44
commit e168446b44
parent 27dcb1b0c3
10 changed files with 460 additions and 0 deletions
--- a/web/src/lib/components/DnsRecordsCard.svelte
+++ b/web/src/lib/components/DnsRecordsCard.svelte
@ -6,6 +6,7 @@
    import DkimRecordsDisplay from "./DkimRecordsDisplay.svelte";
    import DmarcRecordDisplay from "./DmarcRecordDisplay.svelte";
    import GradeDisplay from "./GradeDisplay.svelte";
+    import HeloPtrMatchDisplay from "./HeloPtrMatchDisplay.svelte";
    import MxRecordsDisplay from "./MxRecordsDisplay.svelte";
    import PtrForwardRecordsDisplay from "./PtrForwardRecordsDisplay.svelte";
    import PtrRecordsDisplay from "./PtrRecordsDisplay.svelte";
@ -92,6 +93,13 @@
                    {senderIp}
                />

+                <!-- HELO / PTR Consistency -->
+                <HeloPtrMatchDisplay
+                    heloHostname={dnsResults.helo_hostname ?? receivedChain?.[0]?.from}
+                    ptrRecords={dnsResults.ptr_records}
+                    heloPtrMatch={dnsResults.helo_ptr_match}
+                />
+
                <hr class="my-4" />

                <!-- Return-Path Domain Section -->