In message <1092964626.6899.197.camel@???>, Kjetil
Torgrim Homme <kjetilho@???> writes
>On Tue, 2004-08-17 at 12:35 +0000, Peter Bowyer wrote:
>> I suggest (and use) the following set of measures in our virtual-domain
>> system, in order of increasing cost:
>>
>> 1. HELO checking - disallow bare IPs, HELO with any of your domains[1],
>> HELO not FQDN[1]
>> [...]
>> We've not found any FP issues at all with stages 1-6
>
>really? we have 2-3 cases per week where we reject e-mail from systems
>without FQDN HELO, or the name contains underscore, or their nameserver
>isn't responding (sender verify). we also get the odd false positive
>from sites which are open relays. changing our policy isn't being
>considered, and indeed many of these sites have fixed the problem after
>we told them about.
>
>(I call these false positives since the recipient actively wants the
>correspondence.)
Just FYI, this weekend I came across the following "false positive" for
"don't accept email that says HELO to yourself"
This is from a DLink DI-704P (a popular make of router, used to provide
home networking behind a cable modem or similar). This has a function to
email its status log to a given email address. The ONLY setting the user
provides is the destination, in this case I used richard@???
The incoming email looked like this (with a few xxx's obscuring
irrelevant details for privacy)
Return-path: <richard@???>
Received: from xxxxxxxx.cable.ubr05.shef.blueyonder.co.uk
([82.38.xxx.xx] helo=highwayman.com)
by mail.highwayman.com with esmtp (Exim 4.41)
id 1ByVsR-0003pG-7B
for richard@???; Sat, 21 Aug 2004 14:25:47 +0100
Subject: Router log
--- Log Begin ---
etc
so from this evidence the router clearly looked up the MX record for
highwayman.com and then proceeded to
HELO highwayman.com
MAIL FROM richard@???
RCPT TO richard@???
which is of course "broken" and could be relatively easily fixed by the
firmware writer, but prior to that ever occurring, of course I would
still view it as a "false positive" since I rather wanted the email
I think there's quite of lot of this manufacturer's kit out there :(
- --
richard @ highwayman . com "Nothing seems the same
Still you never see the change from day to day
And no-one notices the customs slip away"
