Re: [Exim] forged HELO/EHLO addresses

Author: Alan J. Flavell
Date:
To: Exim Users Mailing List
Subject: Re: [Exim] forged HELO/EHLO addresses
On Wed, 12 Nov 2003, Greg A. Woods wrote:

> [ On Wednesday, November 12, 2003 at 14:23:52 (+0000), Alan J. Flavell wrote: ]
> > Subject: Re: [Exim] forged HELO/EHLO addresses
> >
> > Btw., observant readers will have noticed that our recipe doesn't
> > accept the "[ipaddress]" notation, even though it's technically legal.
> > IMHO that's an obsolete usage
>
> How can you possibly consider the only valid alternative to working DNS
> to be "obsolete"?


The alternative to working DNS is presumably non-working DNS? We
don't make any attempt to validate the HELO that's presented: if they
presented ratware.biz.invalid then we'd say OK, that's a syntactically
legal domain, and proceed as normal...

> Surely you don't consider the DNS to be so universal
> and foolproof, even at your own site, that you're willing to give up on
> the one last resort anyone has of contacting you by way of SMTP when the
> DNS fails!


Hang on - when "the DNS fails", the only thing that will happen is
that we'll toss a few points into the spam score for their IP failing
to look up. And I already said that in the event of us rejecting an
offer of mail, the sender gets invited to contact the postmaster
address; and I already said that a useful benefit of deferring the
HELO check until RCPT time was so that we could accept postmaster mail
and discuss the problem with the would-be sender.

That "last resort" is some way further off, I think. (Probably
somewhere in Florida, I reckon...)

> > and we've never seen a bona fide MTA
> > using it when offering is mail, although we've seen quite a proportion

                           ^^ -> "us", sorry for the typo...

> > of attempts that could be seen to be spam.
>
> I.e. your attitude on this matter really does a disservice to the rest
> of the Internet community.


(I mentally predicted, while I was composing that mail, that you would
respond to it. I still haven't quite worked out where the limits of
your adherence to the RFCs lie, though.)

> > On the other hand, something like "HELO 11.22.33.44" would slip past
> > the above recipe unchallenged.
>
> You should think about fixing that -- a good chunk of spam I see which
> gets past many other checks is sent that way.


OK, I'll put in a warning, and let you know how effective it is.

But I'm surprised to see you arguing this, seeing as how the RFC says
we're not allowed to reject mail merely on taking a dislike to their
HELO.

Apropos pedantic adherence to RFC: if they present us with our own
domain name in the HELO, then the HELO is syntactically OK, and the
name would look up in the DNS (if we were to test that), and the RFC
says we're not allowed to reject mail on the basis of a wrong HELO
anyway. But we reject it, nevertheless. You wanna have a fight over
that too?

all the best
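An Exim 4 ACL fragment that implements the three HELO behaviours discussed in this message (postmaster mail accepted regardless of HELO because the check is deferred to RCPT time, rejection of a HELO naming one of our own domains, and a warning rather than a rejection for a bare dotted-quad HELO). This is an added illustration, not the list author's actual recipe; it assumes the default configuration's `+local_domains` and `+relay_from_hosts` lists, `acl_smtp_rcpt = acl_check_rcpt` in the main section, and Exim 4.51 or later for `add_header`.

```exim
# Added example ACL, not the poster's recipe. Assumes +local_domains and
# +relay_from_hosts are defined in the main configuration and that the
# main section contains:  acl_smtp_rcpt = acl_check_rcpt

acl_check_rcpt:

  # Postmaster mail is accepted before any HELO check runs, so a sender
  # whose mail is refused later can still reach us to discuss the problem.
  # This is what deferring the HELO checks to RCPT time buys.
  accept  local_parts = postmaster
          domains     = +local_domains

  # Hosts we relay for are not subjected to the HELO checks at all.
  accept  hosts = +relay_from_hosts

  # A remote host presenting one of our own domains in HELO/EHLO is
  # refused, and the refusal text points the sender at postmaster.
  deny    message   = HELO/EHLO name $sender_helo_name is one of our own \
                      domains; contact postmaster@$primary_hostname if \
                      you believe this is an error
          condition = ${if match_domain{$sender_helo_name}{+local_domains}}

  # A bare dotted-quad without brackets (e.g. "HELO 11.22.33.44") is only
  # logged and tagged here; the log lets you measure how often it occurs
  # before deciding whether to reject it. The \N...\N markers stop the
  # regex characters being treated as string expansion.
  warn    condition   = ${if match{$sender_helo_name}{\N^\d+\.\d+\.\d+\.\d+$\N}}
          log_message = bare IP address in HELO: $sender_helo_name
          add_header  = X-HELO-Warning: bare IP address in HELO ($sender_helo_name)

  # The usual relay control and recipient verification would follow here.
```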