[Mimedefang] Revisit: Filtering on HELO
Les Mikesell
les at futuresource.com
Fri Mar 23 09:03:31 EDT 2007
Philip Prindeville wrote:
>> We check for localhost or 127.0.0.1
>> We check for our name.
>> We check for our IP address with/without ['s
>> We check for helo of friend
>> We check for helo where length < 3 or doesn't have dots.
>
> I would add to all that also checking that if the
> remote end says "HELO [x.x.x.x]", that the x.x.x.x
> really is the same as their $hostip (or whatever)
> and not some other address.
>
> A lot of hosts say "HELO 1.2.3.4" when their address
> is really 5.6.7.8.
>
> If they can't be trusted to figure out their own
> address, then they're probably pretty broken (and
> that includes being behind a NATing firewall as we
> are).
Many hosts are multi-homed and thus have more than one address. I don't
think mailers are required to match the HELO to the interface that
happens to be used for the connection. Also in the NAT case it may or
may not be possible for anyone to know the address that will be seen on
the other side.
--
Les Mikesell
lesmikesell at gmail.com
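
The checks listed in the quoted message, plus the address-literal comparison, as an added example that is not part of the original thread or of MIMEDefang itself. The function name, the `%SITE` values and the `SUSPECT` label are assumptions of this example; a mismatched literal is reported separately from the hard rejections because of the multi-homing and NAT cases raised in the reply.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical site settings (constructed values from documentation ranges).
my %SITE = (
    names => [ 'mail.example.org' ],
    ips   => [ '192.0.2.25' ],
);

# Returns (verdict, reason).
#   REJECT   - the HELO claims an identity only we could have, or is malformed
#   SUSPECT  - address literal differs from the peer address (this example's
#              own label, for scoring or logging rather than outright rejection)
#   CONTINUE - nothing objectionable in the HELO string
sub classify_helo {
    my ($helo, $hostip, $site) = @_;
    my $h = lc $helo;
    (my $bare = $h) =~ s/^\[(.*)\]$/$1/;    # strip [ ] from address literals

    return ('REJECT', 'claims to be localhost')
        if $bare eq 'localhost' || $bare eq '127.0.0.1';
    return ('REJECT', 'claims our host name')
        if grep { $h eq lc $_ } @{ $site->{names} };
    return ('REJECT', 'claims our IP address')
        if grep { $bare eq $_ } @{ $site->{ips} };

    # Dotted quad, with or without brackets: compare with the connecting address.
    if ($bare =~ /^\d{1,3}(?:\.\d{1,3}){3}$/) {
        return ('CONTINUE', 'address literal matches peer') if $bare eq $hostip;
        return ('SUSPECT', "HELO $bare but connected from $hostip");
    }

    # A dotless name such as "friend" is caught here as well.
    return ('REJECT', 'too short or no dots')
        if length($h) < 3 || index($h, '.') < 0;
    return ('CONTINUE', 'ok');
}

# Constructed test connections: [ HELO string, peer IP ]
for my $c ( ['[127.0.0.1]', '198.51.100.7'], ['MAIL.example.org', '198.51.100.7'],
            ['192.0.2.25', '198.51.100.7'],  ['friend', '198.51.100.7'],
            ['[203.0.113.9]', '198.51.100.7'], ['[198.51.100.7]', '198.51.100.7'],
            ['mx.example.net', '198.51.100.7'] ) {
    my ($verdict, $why) = classify_helo(@$c, \%SITE);
    printf "%-18s from %-13s => %-8s %s\n", @$c, $verdict, $why;
}
```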