[Mimedefang] Revisit: Filtering on HELO

Jeff Rife mimedefang at nabs.net
Sat Mar 24 13:15:09 EDT 2007


On 23 Mar 2007 at 23:20, Philip Prindeville wrote:

> Les Mikesell wrote:
> > Many hosts are multi-homed and thus have more than one address.  I don't 
> > think mailers are required to match the HELO to the interface that 
> > happens to be used for the connection.  Also in the NAT case it may or 
> > may not be possible for anyone to know the address that will be seen on 
> > the other side.
> >   
> 
> Under the Posix (sockets) interface, you create a socket(),
> initiate the connect() to the remote host, then you can do
> a getsockaddr() to get the *local* address that the socket
> was bound to when the outgoing interface was selected
> during the connect.
> 
> Which is who you announce yourself to be.

AFAIK, that's not what sendmail does by default, and since we're all 
pretty serious sendmail users here, if your filter is requiring 
something that is not sendmail default behavior, it's probably a "bad 
thing" for your filter to do this.

Sendmail checks the configured hostname, and if there is not one 
(admittedly rare), then it should use the address literal of the 
default interface, unless you have specifically told it to bind to only 
one interface.

> Remember: the original requirement of the HELO command
> was to avoid mail loops by helping a host identify when it's
> looped back on itself.

Your "announce myself as the connecting interface" idea won't help 
this, since it's likely that any local interface is not a public IP, 
and thus would obviously not be unique in any way, which would not help 
avoid loops.  


--
Jeff Rife | "But as much as everybody loves you, there is 
          |  one question that keeps coming up...how dumb 
          |  WAS she?" 
          |         -- Tempus to Lois Lane 
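Added example, not part of the original message or of sendmail or MIMEDefang: it reads a connected socket's local address with getsockname() (the POSIX call that returns it), formats it as an RFC 5321 address literal, and checks whether that address is globally unique, next to the configured-hostname behaviour described in the reply. All function names are hypothetical, the addresses and hostname are constructed samples, and a loopback listener stands in for the remote MTA.

```python
import ipaddress
import socket


def local_address_after_connect(host, port):
    """connect() to host:port and return the local IP the kernel selected."""
    with socket.create_connection((host, port), timeout=5) as s:
        return s.getsockname()[0]


def helo_literal(addr):
    """Format an IP as an RFC 5321 address literal for use in HELO/EHLO."""
    ip = ipaddress.ip_address(addr)
    return f"[IPv6:{ip}]" if ip.version == 6 else f"[{ip}]"


def helo_configured(hostname, default_if_addr):
    """Behaviour the reply describes: configured hostname, else a literal."""
    return hostname if hostname else helo_literal(default_if_addr)


def unique_on_internet(addr):
    """False for loopback, RFC 1918 and other non-global addresses."""
    return ipaddress.ip_address(addr).is_global


def demo_local_address():
    """Loopback listener stands in for the remote MTA (constructed setup)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    try:
        return local_address_after_connect("127.0.0.1", srv.getsockname()[1])
    finally:
        srv.close()


if __name__ == "__main__":
    local = demo_local_address()
    print("socket-derived HELO:", helo_literal(local),
          "globally unique:", unique_on_internet(local))
    # Constructed sample: a NATed client whose interface is 10.0.0.5
    print("NATed client HELO:", helo_literal("10.0.0.5"),
          "globally unique:", unique_on_internet("10.0.0.5"))
    print("configured HELO:", helo_configured("mail.example.org", "10.0.0.5"))
```

A receiving filter that requires the HELO argument to equal the connecting IP would see the NAT gateway's address on the wire, not the `[10.0.0.5]` literal the client derived from its own socket.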




