[Mimedefang] Bouncing on invalid HELO/EHLO
Les Mikesell
les at futuresource.com
Thu Jun 12 19:11:00 EDT 2003
On Thu, 2003-06-12 at 16:20, David F. Skoll wrote:
> > "The HELO receiver MAY verify that the HELO parameter really
> > corresponds to the IP address of the sender. However, the
> > receiver MUST NOT refuse to accept a message, even if the
> > sender's HELO command fails verification."
>
> That's ambiguous. Does it mean you can't reject a message if the HELO
> parameter fails that single test (IP address doesn't match), or you
> can't reject if the HELO parameter fails any other test of your
> choosing?
It means that you can insert a 'may be forged' note in the received
header or something like that but if you want to follow the RFC's
you can't reject based on an ip/name mismatch. A multihomed host
may not source from the address associated with the name it gives.
In this age of paranoid firewalls and NAT gateways there are probably
a lot of hosts that aren't even aware of the IP address seen by the
outside world.
Personally I don't think you can claim RFC-compliance if you reject
based on any IP address related test but maybe nobody cares anymore.
Syntax errors in the hostname are a different matter.
---
Les Mikesell
les at futuresource.com
More information about the MIMEDefang
mailing list