[Mimedefang] Re: Non-routable addresses in HELO

Joseph Brennan brennan at columbia.edu
Wed Jul 12 09:52:01 EDT 2006


> Any mail server that is so poorly administered that it is not offering a
> properly formatted HELO argument is not legitimate and should not be
> connected to the Internet. The RFC clearly states that the server *MUST*
> use a FQDN or bracketed literal IP address as the HELO argument. Anything
> else is explicitly prohibited and grounds for rejecting the connection.
>
> --
> Paul Russell, Senior Systems Administrator
> OIT Messaging Services Team
> University of Notre Dame
> prussell at nd.edu


The fact is that many smaller companies and organizations fail to
comply with this standard.  At an .edu we have people who need to
communicate with such organizations.

We score for some types of bad helo, adding to whatever SpamAssassin
scores.  As a result we do reject some mail with bad helo.  I am finding
it very very tiresome to explain this problem to one system admin after
another.  Since they can send mail to almost every other place on the
net, they must wonder about us.

Occasionally the system admin of a setup involving Exchange and firewalls
tells me that he cannot figure out any way to do it right with the
proprietary software.  I never know whether to believe that.

For scoring purposes we have classed the bad helos into categories
as follows.  Here's how many we rejected yesterday that matched HELO
tests.  These are mutually exclusive.

 54,319  reject   'HELO localhost'
 70,531  reject   'HELO' with name or IP of our mail servers
 73,616  score 3  HELO string has no dots at all
 81,076  score 3  HELO string is not a hostname in DNS
 83,946  score 2  HELO string is the name of some other host
-------
363,488  total

Yesterday we rejected a total of 970,816 messages.

We accept without scoring two common errors.  One is helo string with
the name of another host in the same domain (foo.example.com says
'helo bar.example.com').  The other is when the IP addresses of the helo
string and the relay hostname have the same first three octets, another
variant of the same confusion.  These are errors, but not errors that
help diagnose spam and virus software.


Joseph Brennan
Columbia University Information Technology
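
The HELO categories and the two tolerated errors described in the message above, sketched as a classifier. This is an added example, not code from the post or from MIMEDefang. The order in which the tests are tried, the two-label notion of "same domain", the treatment of other address literals, and the offline DNS table and server names are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the message).
OUR_NAMES = {"mx1.example.edu"}
OUR_IPS = {"192.0.2.10"}
# Offline stand-in for forward DNS: name -> set of A records.
DNS = {
    "mail.example.org": {"198.51.100.7"},
    "bar.example.com": {"203.0.113.20"},
    "www.example.net": {"203.0.113.99"},
}

def same_first_three_octets(a, b):
    """True when two dotted-quad IPv4 addresses share their first three octets."""
    return a.split(".")[:3] == b.split(".")[:3]

def domain_of(name):
    """Naive domain: last two labels (assumption, no public-suffix list)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def classify_helo(helo, client_ip, client_rdns, resolve=DNS.get):
    """Return (action, score, reason); exactly one category applies per HELO."""
    h = helo.strip().lower().rstrip(".")
    literal = h.strip("[]")
    if h == "localhost":
        return ("reject", 0, "HELO localhost")
    if h in OUR_NAMES or literal in OUR_IPS:
        return ("reject", 0, "HELO with name or IP of our mail servers")
    try:
        ipaddress.ip_address(literal)
        # Other address literals are not among the message's categories (assumption).
        return ("accept", 0, "address literal, left unscored here")
    except ValueError:
        pass
    if "." not in h:
        return ("score", 3, "HELO string has no dots at all")
    addrs = resolve(h)
    if not addrs:
        return ("score", 3, "HELO string is not a hostname in DNS")
    if client_ip in addrs:
        return ("accept", 0, "HELO resolves to the connecting IP")
    # The two tolerated errors: sibling host in the same domain, or same /24.
    if client_rdns and domain_of(client_rdns) == domain_of(h):
        return ("accept", 0, "another host in the same domain")
    if any(same_first_three_octets(client_ip, a) for a in addrs):
        return ("accept", 0, "same first three octets as the relay")
    return ("score", 2, "HELO string is the name of some other host")
```

In a live filter the `resolve` argument would be replaced by a real DNS lookup, and the returned score added to the content-filter score as the message describes.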