Re: [exim] Exim server behind NAT router (and HELO)

Author: Toralf Lund
Date:  
To: Exim Mailing List
Subject: Re: [exim] Exim server behind NAT router (and HELO)
Fred Viles wrote:

>On 15 Mar 2005 at 22:02, Toralf Lund wrote about
>    "[exim] Exim server behind NAT route":

>
>|...
>| Is anyone else running Exim in such a setup? What's the best way to get
>| a correct HELO?
>
>What is your definition of "correct"?
>
>

My definition? I don't have one as such. The RFCs mandate that the
HELO/EHLO data has a certain format, however.

>If it's a name that translates to your router's current dynamic IP, I
>can't think of any way short of superhuman efforts or a dynamic DNS
>service. E.g. a program to extract your current WAN IP from the
>router's web interface or an external site that reports the
>connecting IP, then doing a reverse lookup (which may not even yield
>an answer, depending on your ISP). Or you can set up an account with
>a dynamic DNS service like <http://www.dyndns.org/>, then you'd have
>a fixed name that always looks up to your current address.
>
>The NAT router isn't the problem, BTW, it's the dynamic IP address.
>FWIW, any site that insists that the HELO/EHLO name looks up to the
>connecting IP address is not very concerned about rejecting
>legitimate email.
>

Well, in my experience a large proportion of all spams and virus mails
have invalid HELO/EHLO names, and conversely, about 99% of all messages
with invalid data are spam or viruses. Of course, I wouldn't want to
block all messages until that number reaches 100%, but I don't want to
be the one that prevents it from ever getting there, if you know what I
mean.

> But rejecting mail from dynamic IP addresses is
>not at all uncommon. It's unfortunate but true that running an SMTP
>server on a dynamic IP address is increasingly unworkable on today's
>internet.
>
>

Yeah, I know. It's a shame, really, since I think the most convenient
e-mail setup is having the MUA connect to a local MTA that just sends
messages directly to the receiver. However, I still haven't come across
anyone that blocks "my" dynamic range. It may have something to do with
the fact that I'm using a relatively small and unknown ISP...

- Toralf
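
Added example, not part of the original message or of Exim: a Python sketch of the two distinct tests the thread touches on, whether a HELO/EHLO argument is well-formed and whether it looks up to the connecting IP. It assumes the RFC 2821 form (a fully-qualified domain name or a bracketed address literal); the function names, host names and addresses are constructed for illustration.

```python
import ipaddress
import re
import socket

LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")  # one DNS label (assumed rule)
def parse_helo(arg):
    """Classify by form only: ('literal', ip), ('fqdn', name) or ('invalid', None)."""
    if arg.startswith("[") and arg.endswith("]"):
        body, want = arg[1:-1], 4
        if body[:5].lower() == "ipv6:":
            body, want = body[5:], 6
        try:
            ip = ipaddress.ip_address(body)
        except ValueError:
            return ("invalid", None)
        return ("literal", ip) if ip.version == want else ("invalid", None)
    name = arg[:-1] if arg.endswith(".") else arg
    labels = name.split(".")
    # Reject bare host names, bad labels and unbracketed IPs such as 192.0.2.10.
    if (len(name) > 253 or len(labels) < 2 or labels[-1].isdigit()
            or not all(LABEL.fullmatch(l) for l in labels)):
        return ("invalid", None)
    return ("fqdn", name)

def system_resolver(name):
    """Forward lookup through the OS resolver; returns address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def check_helo(arg, peer_ip, resolve=system_resolver):
    """Return (well_formed, matches_peer) for one SMTP connection."""
    kind, value = parse_helo(arg)
    if kind == "invalid":
        return (False, False)
    peer = ipaddress.ip_address(peer_ip)
    if kind == "literal":
        return (True, value == peer)
    return (True, any(ipaddress.ip_address(a) == peer for a in resolve(value)))

# Constructed sample data: documentation address ranges and made-up names.
SAMPLE_DNS = {"mail.example.org": {"192.0.2.10"}, "home.example.net": {"198.51.100.7"}}
SAMPLE = [("mail.example.org", "192.0.2.10"), ("home.example.net", "203.0.113.5"),
          ("[203.0.113.5]", "203.0.113.5"), ("localhost", "203.0.113.5"),
          ("192.0.2.10", "192.0.2.10")]
def run_sample():
    # Use the constructed table instead of live DNS so the run is offline.
    return [check_helo(h, ip, lambda n: SAMPLE_DNS.get(n, set())) for h, ip in SAMPLE]

if __name__ == "__main__":
    print(run_sample())
```

The second constructed case is well-formed but fails the address match, which is what a name still pointing at a previous dynamic address produces.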