Re: [Exim] HELO & multiple domains

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M+\Andreas Metzler at <-
MMMjzaw at ->
Delete this message
Reply to this message
Author: Tim Jackson
Date:  
To: exim-users
Subject: Re: [Exim] HELO & multiple domains
Hi jzaw, on Sun, 23 Nov 2003 17:46:47 +0000 you wrote:

> > helo_data = ${lookup{${lc:$sender_address_domain}}lsearch \
> > {/etc/mail/domains/helo}{$value}{$primary_hostname}}
> that looks v cool and i think ill add something similar to mine (im
> also a relative newbie)

Whilst that idea is potentially useful, can I just add a note of caution
here that making up random HELO names that "sound good" is not a
particularly good idea as a general rule - it is supposed to be meaningful
so (as someone said) you should definitely have at least an A record for
any HELO names you are giving, and if at all possible it would be good to
have consistent reverse DNS. (I am sure Greg W will be pleased to put it
in stronger words than that :)

(Being pragmatic, I doubt you'll find many people enforcing consistent
forward and reverse DNS but still, I think over time most people are
gradually enforcing various standards with increasing strictness, purely
to try to stop spam, so if for no other reason it would probably be a good
idea to adopt "best practice" so you don't end up looking like a spammer
to someone).

If only for your own sanity, I would limit the number of "identities" to
the bare minimum, because otherwise you are going to have to keep the DNS
in sync for each "identity", which is likely to be a real PITA with any
significant number of "identities" and is going to be an ever-growing and
thankless task that ultimately doesn't really add any functional benefit
(although I can fully appreciate the reasons behind it).

> but the rdns will surely still turn up the numeric ip and that will in
> turn turn up a potentially different domain name such as my generic
> dsl-217-155-x-x.zen.co.uk

Of course - however much you fiddle with HELOs, you are not going to be
able to change the fact that someone can see your IP and do an rDNS on it.
If this is a problem (e.g. due to "unprofessional" rDNS - and I know the
problem, I've tried in the past to beat BT around the head to get any kind
of controllable rDNS on a business ADSL line before with no success), you
could look into getting a provider that gives you controllable rDNS.
Although I haven't used them personally, I know for a fact that at least
PlusNet in the UK do this (at least for business ADSL) and have heard good
things about them. Needless to say, you'd also expect controllable rDNS
with anything "above" ADSL i.e. leased lines, colocated machines,
whatever.

Assuming you had controllable rDNS, there are two possible solutions to
the problem of people doing reverse DNS on a machine which is
"masquerading" with different identities: you could have multiple PTR
records for it, although since only one of them will typically get used in
things like header lines, this may not help with the aesthetic aspect, or
if you have multiple IPs at your disposal (which the original poster
didn't, unfortunately) you could have multiple interfaces on the machine
and use different IPs for different purposes each with its own unique
forward and reverse DNS (this would probably be the best, and simplest way
of achieving the "mutiple identities" desired).


Tim


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[Exim] whitelists at smtp timeRe: [Exim] HELO & multiple domains->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)