On Mon, Nov 19, 2001 at 03:22:02PM -0500, Dave C. wrote:
> MANY, MANY legitimate hosts on the internet are not configured to give a
> HELO string that matches any hostname that corrosponds to any IP
> address..
Any mail server behind a nat firewall for one
(outbound mail gets masqueraded, inbound mail comes on 25, which is
forwarded to the internal machine)
All my linux users sending mail from their laptop on whatever intranet they
happen to be sitting on (the hostname in HELO can be valid, but obviously
it's going to be different from the reverse name linked to the firewall's
outbound IP)
> The best thing to do about bogus HELO strings is to make sure that your
> Received headers always indicate the real IP address of the remote
> connection, and clearly distinguish between a hostname derived from
> reverse lookup (if any), and the string given as an argument to HELO.
Yep.
I care about what IP the mail came from, I care that the header and envelope
sender are correct (so that I can bounce back as needed).
As far as HELO is concerned, it's actually useful if it has some
"hostfoo.intranet.company.tld" value, because even if I can't look it up, I
can contact the company.tld postmaster and tell them that hostfoo is busted.
Without this unresolvable hostname, all I'd have is nat.company.tld in the
received lines, which doesn't help the postmaster over there to track down
the real sender.
Marc
--
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page:
http://marc.merlins.org/ | Finger marc_f@??? for PGP key
