On Jul 2, 2004, at 14:55, lists wrote:
> An SMTP server MAY verify that the domain name parameter in the EHLO
> command actually corresponds to the IP address of the client.
> However, the server MUST NOT refuse to accept a message for this
> reason if the verification fails: the information about verification
> failure is for logging and tracing only.
>
> I can't change my firewall to output traffic on a tunneled ip/port;
> it's a limitation of Netscreen

Hmm, I don't think one has to do with the other. (Though I must admit
I am a bit unclear about what the exact problem is.)

The RFC2821 snippet you quote above has to do with MTAs that lie about
who they are in the HELO greeting. It has nothing to do with whether
a connection on port 25 is accepted or not.

Moreover, the snippet states that the receiver "MUST NOT refuse to
accept a message [...] if verification fails". So the RFC statement
specifically does not impose any reasons for people to break any
(mis)configured servers.

-tor
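
Added example, not part of the original message or of any MTA's code: a sketch of the EHLO check the quoted RFC 2821 text describes, where a mismatch yields only a log record and the message is always accepted. The function names, the log format and the sample names and addresses are assumptions made for illustration.

```python
import ipaddress
import socket


def system_resolve(name):
    """Forward-resolve a name to a set of IP strings via the OS resolver."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}


def check_ehlo(ehlo_arg, client_ip, resolve=system_resolve):
    """Return (accept, verdict, log_line) for an EHLO argument.

    accept is always True: per the quoted RFC text a failed verification
    is for logging and tracing only, never a reason to refuse the message.
    """
    peer = ipaddress.ip_address(client_ip)
    try:
        if ehlo_arg.startswith("[") and ehlo_arg.endswith("]"):
            # Address literal, e.g. [192.0.2.10] or [IPv6:2001:db8::1]
            literal = ehlo_arg[1:-1]
            if literal.lower().startswith("ipv6:"):
                literal = literal[5:]
            claimed = {ipaddress.ip_address(literal)}
        else:
            claimed = {ipaddress.ip_address(a) for a in resolve(ehlo_arg)}
        verdict = "match" if peer in claimed else "mismatch"
    except (OSError, ValueError):
        # Unresolvable name or malformed literal: still only a log event.
        verdict = "unverifiable"
    # repr() escapes CR/LF so a hostile EHLO string cannot forge log lines.
    log_line = f"ehlo-check verdict={verdict} ehlo={ehlo_arg!r} peer={peer}"
    return True, verdict, log_line


# Constructed sample data: documentation-range addresses, example names.
SAMPLE_DNS = {"mail.example.org": ["192.0.2.10"],
              "nat.example.net": ["198.51.100.7"]}


def sample_resolve(name):
    """Offline stand-in for DNS, backed by SAMPLE_DNS."""
    if name not in SAMPLE_DNS:
        raise OSError("name not found")
    return SAMPLE_DNS[name]


if __name__ == "__main__":
    for arg, ip in [("mail.example.org", "192.0.2.10"),
                    ("nat.example.net", "203.0.113.5"),  # client behind NAT
                    ("[192.0.2.10]", "192.0.2.10"),
                    ("unknown.invalid", "203.0.113.9")]:
        print(check_ehlo(arg, ip, sample_resolve))
```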