[Mimedefang] Revisit: Filtering on HELO
Jeff Rife
mimedefang at nabs.net
Sun Mar 25 22:40:25 EDT 2007
On 25 Mar 2007 at 20:05, Philip Prindeville wrote:
> Ok, putting this issue to bed for good. Quoting RFC-1123:
Well, not really, but we figured out which RFC you meant.
> 5.2.5 HELO Command: RFC-821 Section 3.5
>
> The HELO receiver MAY verify that the HELO parameter really
> corresponds to the IP address of the sender. However, the
> receiver MUST NOT refuse to accept a message, even if the
> sender's HELO command fails verification.
>
> Hmm. Or not. Ok, that was less conclusive than it should have
> been... Well, the operative sentence is "The HELO receiver MAY
> verify that the HELO parameter really corresponds to the IP address
> of the sender."
>
> How else to do that in the case of an address-literal than checking
> that the EHLO argument matches the address reported by getsockname()???

You can spend as many cycles as you want "verifying" this sort of
thing, but since you can't refuse the message based on the fact that
the HELO doesn't "match" the source IP ("MUST NOT refuse", in the very
text you quoted), it really doesn't matter, does it?

And, since you can stop so much without ever violating the RFC on HELO,
why even bother? Tossing out non-FQDN, IP addresses (not address-
literals, but bare IPs), and hostnames/address literals that resolve to
non-routable IPs would leave you with almost nothing left that wouldn't
"verify".

I don't even bother with the full check for resolving to non-routable
IPs (I don't do any DNS checks, so I only toss obvious ones) and still
see HELO checking stopping about half the potential spam, with
greylisting stopping the other half. Only about 2-5% of what was
obviously spam makes it through to SpamAssassin.

--
Jeff Rife |
| http://www.nabs.net/Cartoons/TiVoAndBeer.gif
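
The DNS-free HELO checks described in the message above (non-FQDN names, bare IPs, address literals in non-routable ranges), sketched in Python as an added example; it is not part of the original post and is not MIMEDefang filter code. The function names and verdict strings are hypothetical, and treating "not globally routable" per Python's `ipaddress.is_global` as the non-routable test is an assumption.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def _parse_ip(text):
    """Return an ip_address object, or None if text is not an IP."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def classify_helo(arg):
    """Classify a HELO/EHLO argument by syntax alone (no DNS lookups)."""
    arg = arg.strip()
    if not arg:
        return "reject: empty"
    # Address literal form: [10.0.0.5] or [IPv6:::1]
    if arg.startswith("[") and arg.endswith("]"):
        inner = arg[1:-1]
        if inner.lower().startswith("ipv6:"):
            inner = inner[5:]
        ip = _parse_ip(inner)
        if ip is None:
            return "reject: malformed address literal"
        if not ip.is_global:  # private, loopback, link-local, reserved
            return "reject: non-routable address literal"
        return "accept: address literal"
    if _parse_ip(arg) is not None:
        return "reject: bare IP"  # an IP without the [] literal syntax
    labels = arg.rstrip(".").split(".")
    if len(labels) < 2:
        return "reject: not an FQDN"
    if not all(_LABEL.match(label) for label in labels) or labels[-1].isdigit():
        return "reject: invalid hostname"
    return "accept: FQDN"


if __name__ == "__main__":
    # Constructed sample HELO arguments, not taken from real traffic.
    for sample in ["mail.example.com", "localhost", "192.168.1.10",
                   "[10.0.0.5]", "[8.8.8.8]", "[IPv6:::1]", "user_pc.example.com"]:
        print(f"{sample:24} {classify_helo(sample)}")
```

None of these checks compares the HELO argument with the connecting IP, so they are separate from the "verification" that the quoted RFC text says must not be grounds for refusal.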