[Mimedefang] Revisit: Filtering on HELO
John Rudd
john at rudd.cc
Mon Mar 26 14:23:36 EDT 2007
Philip Prindeville wrote:
> Web farms, VMware, etc. all throw whatever assumptions
> we had about multi-homing out the window.
Not when it comes to the HELO/EHLO name.
A very good reason for paying attention to the RFC prohibition on "not
rejecting a message due to mismatch between HELO/EHLO name and DNS name"
is exactly because of virtual hosts and virtual domains.
The correct solution is (always) for the _SERVER_ (recipient) to obey RFCs.
The client sends one of your own names or bracketed ip addresses as its
HELO name? Sure, reject that.
The client sends a non-bracketed IP address as its HELO name? Sure,
reject that.
The client sends some other name, that may or may not match the PTR
record for IP address of the socket? Or sends a bracketed IP address
that doesn't match the IP address of the socket? Accept it (and
possibly let Spam Assassin mark it up, or add a header that points out
the problem).
More information about the MIMEDefang
mailing list