[Mimedefang] Revisit: Filtering on HELO
Kevin A. McGrail
kmcgrail at pccc.com
Fri Mar 16 16:42:09 EDT 2007
> Those are solid, I agree, except as I was saying some with no dots
> are actually small-time organizations misled by Windows software.

Well, there is definitely what could be argued as a loophole.
RFC 2821 states that a sender should use EHLO first and then try HELO, and
that "the argument field contains the fully-qualified domain name of the
SMTP client if one is available." In situations in which the SMTP client
system does not have a meaningful domain name (e.g., when its address is
dynamically allocated and no reverse mapping record is available), the
client SHOULD send an address literal (see section 4.1.3), optionally
followed by information that will help to identify the client system.
SHOULD means in RFC-speak that it should do what is said unless you
understand the ramifications of not following the recommendation. In short,
I see nothing in the RFC that could argue that sending just the hostname is
proper. It's either the FQDN or the address literal.

> When the helo is an IP in [ ], it should be $RelayAddr in there.
> Not for example 18.104.22.168 saying "helo [22.214.171.124]" or
> 126.96.36.199 saying "helo [188.8.131.52]". But this might not
> be common enough to bother with.

I worry about firewalls.
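
An added example, not part of the original post and not MIMEDefang's own code: a standalone Perl routine that sorts a HELO argument into the cases this message discusses (FQDN, address literal, bare hostname) and compares an address literal with the connecting address. The function name, result labels and sample values are assumptions made for illustration; it only classifies and leaves the accept or reject decision to the filter.

```perl
use strict;
use warnings;
use Socket qw(inet_pton AF_INET AF_INET6);

# Hypothetical helper (not a MIMEDefang API). $relay is the connecting
# address, i.e. what the quoted text refers to as $RelayAddr.
sub classify_helo {
    my ($helo, $relay) = @_;
    return 'empty' unless defined $helo && length $helo;

    # Address literal (RFC 2821 section 4.1.3): [a.b.c.d] or [IPv6:...]
    if (my ($v6, $addr) = $helo =~ /\A\[(?:(IPv6):)?([^\]]+)\]\z/i) {
        my $family = $v6 ? AF_INET6 : AF_INET;
        my $lit    = inet_pton($family, $addr);
        return 'malformed-literal' unless defined $lit;
        # Compare packed forms so equivalent spellings of one address match.
        my $peer = inet_pton($family, $relay);
        return (defined($peer) && $peer eq $lit) ? 'literal-match'
                                                 : 'literal-mismatch';
    }

    # A dotted quad without brackets is neither an FQDN nor a literal.
    return 'bare-ip' if defined inet_pton(AF_INET, $helo);

    my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;
    if ($helo =~ /\A(?:$label\.)+($label)\.?\z/) {
        # Require a letter in the last label so "1.2.3" is not called an FQDN.
        return $1 =~ /[A-Za-z]/ ? 'fqdn' : 'malformed';
    }
    return 'bare-hostname' if $helo =~ /\A$label\z/;   # the "no dots" case
    return 'malformed';
}

# Constructed samples: [HELO argument, connecting address].
my @samples = (
    ['mail.example.org',   '192.0.2.10'],
    ['SERVER01',           '192.0.2.10'],
    ['[192.0.2.10]',       '192.0.2.10'],
    ['[192.0.2.99]',       '192.0.2.10'],
    ['192.0.2.10',         '192.0.2.10'],
    ['[IPv6:2001:db8::1]', '2001:db8:0:0:0:0:0:1'],
);
printf "%-20s %-22s %s\n", @$_, classify_helo(@$_) for @samples;
```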