Re: [Exim] HELO & multiple domains

Author: jzaw
Date:  
To: exim-users
Subject: Re: [Exim] HELO & multiple domains
On Sunday, Nov 23, 2003, at 21:57 Europe/London, Tim Jackson wrote:

> Hi jzaw, on Sun, 23 Nov 2003 17:46:47 +0000 you wrote:
>
>>> helo_data = ${lookup{${lc:$sender_address_domain}}lsearch \
>>> {/etc/mail/domains/helo}{$value}{$primary_hostname}}
>> that looks v cool and i think ill add something similar to mine (im
>> also a relative newbie)


maybe i wont then ... lol

> Whilst that idea is potentially useful, can I just add a note of caution
> here that making up random HELO names that "sound good" is not a
> particularly good idea as a general rule - it is supposed to be meaningful
> so (as someone said) you should definitely have at least an A record for
> any HELO names you are giving,


it would never be my intention to give random HELO's
would having a HELO that was the real domain for the sending email
address be ok?
my mail box only gives one HELO ... im not overly bothered by that

> and if at all possible it would be good to
> have consistent reverse DNS. (I am sure Greg W will be pleased to put it
> in stronger words than that :)


would love that too ... but i wont move isp just for that ;-)

> (Being pragmatic, I doubt you'll find many people enforcing consistent
> forward and reverse DNS but still, I think over time most people are
> gradually enforcing various standards with increasing strictness, purely
> to try to stop spam, so if for no other reason it would probably be a good
> idea to adopt "best practice" so you don't end up looking like a spammer
> to someone).


agree, start out as you mean to go on

> If only for your own sanity, I would limit the number of "identities" to
> the bare minimum, because otherwise you are going to have to keep the DNS
> in sync for each "identity", which is likely to be a real PITA with any
> significant number of "identities" and is going to be an ever-growing and
> thankless task that ultimately doesn't really add any functional benefit
> (although I can fully appreciate the reasons behind it).


my head spins with all this as it is!

>> but the rdns will surely still turn up the numeric ip and that will in
>> turn turn up a potentially different domain name such as my generic
>> dsl-217-155-x-x.zen.co.uk
>
> Of course - however much you fiddle with HELOs, you are not going to be
> able to change the fact that someone can see your IP and do an rDNS on it.
> If this is a problem (e.g. due to "unprofessional" rDNS - and I know the


for my part im not overly bothered by the cosmetic aspect of the rdns
though it would be nice for consistency and potentially future security
as ppl start to maybe require that dns == rdns

but it was my interpretation that the original poster found that his
customer was tracing his websites via his HELO's and ips and seeing
pages that didnt look quite so professional .... as i said in my first
post ... more an apache question really

> problem, I've tried in the past to beat BT around the head to get any kind
> of controllable rDNS on a business ADSL line before with no success), you
> could look into getting a provider that gives you controllable rDNS.
> Although I haven't used them personally, I know for a fact that at least
> PlusNet in the UK do this (at least for business ADSL) and have heard good
> things about them. Needless to say, you'd also expect controllable rDNS
> with anything "above" ADSL i.e. leased lines, colocated machines, whatever.


we've been trying to get zen adsl to play ball on this with no real
luck except the "its around the corner" answer (for the last two
years!!)

> Assuming you had controllable rDNS, there are two possible solutions to
> the problem of people doing reverse DNS on a machine which is
> "masquerading" with different identities: you could have multiple PTR
> records for it, although since only one of them will typically get used in
> things like header lines, this may not help with the aesthetic aspect, or
> if you have multiple IPs at your disposal (which the original poster
> didn't, unfortunately) you could have multiple interfaces on the machine
> and use different IPs for different purposes each with its own unique
> forward and reverse DNS (this would probably be the best, and simplest way
> of achieving the "multiple identities" desired).


aye, i have 5 ips at my disposal ... but im sure thats more complicated
than i want to make it
if i had proper rdns i might be tempted

one HELO suffices for me for now i guess

thanks for the gen up

Zaw
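
Added example (not part of the original message, and not Exim code): a small audit of every name the quoted helo_data lookup could send, checking that each has an A record matching the sending IP and that the IP's rDNS names it. The file contents, hostnames, IP and DNS answers are constructed; the function names are hypothetical and the dicts stand in for live A and PTR lookups.

```python
import re

# Constructed sample of the lsearch file referenced by helo_data
# (/etc/mail/domains/helo): "sender domain: HELO name".
SAMPLE_HELO_FILE = """\
# sender domain: HELO name
example.com: mail.example.com
example.net: mail.example.net
example.org  smtp.example.org
"""
# Constructed DNS data standing in for live A and PTR lookups.
A_RECORDS = {"mail.example.com": ["192.0.2.10"],
             "mail.example.net": ["192.0.2.99"],
             "host.example.com": ["192.0.2.10"]}
PTR_RECORDS = {"192.0.2.10": ["mail.example.com."]}

def parse_lsearch(text):
    """Return {key: value}; the key ends at the first colon or whitespace.
    Comment lines are skipped; continuation lines are ignored in this sketch."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"([^\s:#][^\s:]*)\s*:?\s*(\S+)", line)
        if m:
            table[m.group(1).lower()] = m.group(2).lower()
    return table

def check_helo(helo, sending_ip, a_records, ptr_records):
    """List the ways a HELO name disagrees with forward/reverse DNS."""
    problems = []
    addrs = a_records.get(helo, [])
    if not addrs:
        problems.append("no A record")
    elif sending_ip not in addrs:
        problems.append("A record does not match sending IP")
    ptr_names = [p.rstrip(".").lower() for p in ptr_records.get(sending_ip, [])]
    if helo not in ptr_names:
        problems.append("rDNS of sending IP is a different name")
    return problems

def audit(helo_file, primary_hostname, sending_ip, a_records, ptr_records):
    """Check every name helo_data could emit, including the fallback."""
    names = sorted(set(parse_lsearch(helo_file).values()) | {primary_hostname})
    return {n: check_helo(n, sending_ip, a_records, ptr_records) for n in names}

if __name__ == "__main__":
    report = audit(SAMPLE_HELO_FILE, "host.example.com", "192.0.2.10",
                   A_RECORDS, PTR_RECORDS)
    for name, problems in report.items():
        print(name, "->", problems or "consistent")
```

With a single PTR record on a single IP, only one HELO name can come out fully consistent, which is the maintenance cost the quoted advice warns about.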