[Mimedefang] Rejecting forged senders - comments?
John Rudd
john at rudd.cc
Wed Sep 20 09:51:10 EDT 2006
Jan-Pieter Cornet wrote:
> On Wed, Sep 20, 2006 at 01:44:22AM -0700, John Rudd wrote:
>
>> But:
>> 1) to reject based on the content of the HELO string is an RFC violation
>>
>
> This is a blatant and oft-repeated lie. Section 4.1.4 in RFC2821 contains
> very specific wording. Only an IP mismatch is disallowed as a reason for
> rejection. For any other violation, even if it's a local policy violation,
> you are allowed to reject the HELO/EHLO argument.
>
>
A) it is at most a misunderstanding and not a lie.
B) you're wrong. However, instead of calling you a liar, I will merely
say that you haven't done your homework:
From section 4.1.4 of RFC 2821:
An SMTP server MAY verify that the domain name parameter in the EHLO
command actually corresponds to the IP address of the client.
However, the server MUST NOT refuse to accept a message for this
reason if the verification fails: the information about verification
failure is for logging and tracing only.
You MUST NOT reject based on the presence of bogus host information in
the HELO/EHLO command.
More information about the MIMEDefang
mailing list