Re: exim HELO=fully qualified host name?

To: Debian-User <debian-user@lists.debian.org>
Cc: Derrick 'dman' Hudson <dman@dman13.dyndns.org>
Subject: Re: exim HELO=fully qualified host name?
From: Vincent Lefevre <vincent@vinc17.org>
Date: Tue, 2 Mar 2004 10:31:58 +0100
Message-id: <[🔎] 20040302093158.GD598@greux.loria.fr>
Mail-followup-to: Debian-User <debian-user@lists.debian.org>, Derrick 'dman' Hudson <dman@dman13.dyndns.org>
In-reply-to: <[🔎] 20040301200817.GA32426@dman13.dyndns.org>
References: <20040206140715.GA10467@skink.net> <1076078257.9547.44.camel@zepto> <slrnc27im4.7ng.spam@home.bounceswoosh.org> <1076091970.9547.60.camel@zepto> <20040206193230.GA5570@dman13.dyndns.org> <1076106680.979.57.camel@zepto> <20040211051529.GK5337@ay.vinc17.org> <20040224032428.GA7887@dman13.dyndns.org> <20040229211623.GK9063@ay.vinc17.org> <[🔎] 20040301200817.GA32426@dman13.dyndns.org>

On 2004-03-01 15:08:17 -0500, Derrick 'dman' Hudson wrote:
> On Sun, Feb 29, 2004 at 10:16:23PM +0100, Vincent Lefevre wrote:
> | RFC 2821:
> | 
> |    An SMTP server MAY verify that the domain name parameter in the EHLO
> |    command actually corresponds to the IP address of the client.
> |    However, the server MUST NOT refuse to accept a message for this
> |    reason if the verification fails: the information about verification
> |    failure is for logging and tracing only.
> 
> You have a nice Catch-22 here.  The receiver is not allowed to reject
> bad data, but the sender isn't allowed to send it either!

This isn't necessarily bad data. Some machines have several interfaces,
i.e. several IP addresses, and several FQDNs may resolve to the same
IP address; so, the FQDN and the IP address seen by the server won't
always match. Same problems with machines on private networks, when
NAT is used.

> It boils down to what you, as a receiver, find acceptable.  I find
> requiring the HELO to be syntactically correct and fully-qualified to
> be effective at limiting junk (spam and viruses) while not causing
> significant collateral damage.  I think requiring the name to resolve
> to the same address as the client connecting is being too strict.  In
> fact, I have found that requiring the name to resolve to anything
> creates too much collateral damage.  YMMV.

Well, I think that requiring a FQDN (i.e. with at least a dot) is even
too much, as the FQDN is completely useless and most spam messages are
sent with a valid FQDN anyway.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/> - 100%
validated (X)HTML - Acorn Risc PC, Yellow Pig 17, Championnat International
des Jeux Mathématiques et Logiques, TETRHEX, etc.
Work: CR INRIA - computer arithmetic / SPACES project at LORIA

Reply to:

Follow-Ups:
- Re: exim HELO=fully qualified host name?
  - From: "Derrick 'dman' Hudson" <dman@dman13.dyndns.org>

References:
- Re: exim HELO=fully qualified host name?
  - From: "Derrick 'dman' Hudson" <dman@dman13.dyndns.org>

Prev by Date: Re: sarge installation troubleshooting
Next by Date: Re: Video card - AGP 8x???
Previous by thread: Re: exim HELO=fully qualified host name?
Next by thread: Re: exim HELO=fully qualified host name?
Index(es):
- Date
- Thread