Re: [Exim] acl_smtp_helo question

Hi Kyle, on Wed, 17 Mar 2004 10:48:01 -0500 you wrote:

> So I was poking at acl_smtp_helo today, and had the usual checks
> set up: deny if the caller identifies itself as me by IP,
> hostname, or domain.

I'm personally more inclined to do such HELO checks at the RCPT stage; it
gives the offender a chance to contact postmaster@yourdomain then, plus
causes less problems with hosts that retry excessively or otherwise react
badly to 5xx's at HELO time.

> But at one point I telnetted to my server to test it, and
> noticed that if I ignored the "Bad HELO:" message and proceeded
> on to "MAIL FROM:", I was able to complete my message normally.

I may be wrong (so don't quote me on it), but IIRC from the RFCs, it's
(perhaps surprisingly) OK for a client to continue after 5xx errors at
HELO. (I presume the thought was something like "well, it's bad, but an
invalid HELO doesn't need to stand in the way of the rest of the SMTP
session completing OK") Which would explain why Exim allows it. Another
reason to reject at RCPT rather than HELO time I guess.


Tim