Re: [exim] hostname and HELO/EHLO response

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMExim User's Mailing List at <-
MExim User's Mailing List at ->
Delete this message
Reply to this message
Author: Stuart Gall
Date:  
To: Exim User's Mailing List
Subject: Re: [exim] hostname and HELO/EHLO response

On 21 Oct 2004, at 21:48, Greg A. Woods wrote:

> [ On Thursday, October 21, 2004 at 18:25:28 (+0300), Stuart Gall
> wrote: ]
>> Subject: Re: [exim] hostname and HELO/EHLO response
>>
>>
>> It might be worth mentioning What RFC ?
>
> RFC 1123 5.2.5
>
> (note that the pending new RFC for SMTP, 2821, says very much the same,
> using approximately the same confusing and misleading wording, though
> of
> course RFC 1123 still prevails as the overall host requirements RFC)
>
>
>> Last RFC I read on SMTP said you are not supposed to reject on helo
>> what ever it contains.
>
> Then you did not quite read it 100% correctly. RFCs cannot dictate
> site
> policies.

Yes but read on ............. 

The sender-SMTP MUST ensure that the <domain> parameter in a
          HELO command is a valid principal host domain name for the
          client host.  As a result, the receiver-SMTP will not have to
          perform MX resolution on this name in order to validate the
          HELO parameter.


          The HELO receiver MAY verify that the HELO parameter really


RFC1123                  MAIL -- SMTP & RFC-822             October 1989


          corresponds to the IP address of the sender.  However, the
          receiver MUST NOT refuse to accept a message, even if the
          sender's HELO command fails verification.




>
> What that section in the RFC does say is that a client "MUST" greet a
> server with its true and verifiable canonical hostname.
>
> (of course that RFC is self-contradictory and thus very misleading to
> those who do not first learn what RFCs can and cannot do)
>
> Nobody is forced to do that either -- and many sites will allow SMTP
> clients to lie about their hostname, or to use otherwise bogus or
> invalid hostnames.

Nobody is forced to do anything. I am just saying that the
administrator has configured their server
to tell people to read the RFC when they themselves are violating it.

>
> However the whole point is that if a sending site wants to maximize its
> ability to deliver mail to arbitrary third party domains then it "MUST"
> use its proper, verifiable, canonical, hostname. It's just like going
> to a meeting and lying about your name when you introduce yourself to
> anyone -- the result is not always going to be what you might hope for.

I dont believe anyone except a spammer would deliberately forge the
HELO but many sites have poorly configured servers
when an important client has a badly configured server no one wants to
hear from sysadmin that it is their fault :-(((


>
> (yes the IP address literal trick works most places too, but not
> everywhere)
>
> -- 
>                         Greg A. Woods

>
> +1 416 218-0098                  VE3TCP            RoboHack 
> <woods@???>
> Planix, Inc. <woods@???>          Secrets of the Weird 
> <woods@???>

>
>
-------------------------------------------------------------------
Stuart Gall
Systems Administrator
-------------------------------------------------------------------
No user serviceable parts inside? Ill be the judge of that!



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Separate ScriptRe: [exim] Rejecting attachment extensions on a per user basis->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)