[Mimedefang] Rejecting forged senders - comments?

John Rudd john at rudd.cc
Wed Sep 20 09:51:10 EDT 2006

Jan-Pieter Cornet wrote:
> On Wed, Sep 20, 2006 at 01:44:22AM -0700, John Rudd wrote:
>> But:
>> 1) to reject based on the content of the HELO string is an RFC violation
> This is a blatant and oft-repeated lie. Section 4.1.4 in RFC2821 contains
> very specific wording. Only an IP mismatch is disallowed as a reason for
> rejection. For any other violation, even if it's a local policy violation,
> you are allowed to reject the HELO/EHLO argument.

A) it is at most a misunderstanding and not a lie.

B) you're wrong.  However, instead of calling you a liar, I will merely 
say that you haven't done your homework:

From section 4.1.4 of RFC 2821:

   An SMTP server MAY verify that the domain name parameter in the EHLO
   command actually corresponds to the IP address of the client.
   However, the server MUST NOT refuse to accept a message for this
   reason if the verification fails: the information about verification
   failure is for logging and tracing only.

You MUST NOT reject based on the presence of bogus host information in 
the HELO/EHLO command.

