Re: [exim] Exim server behind NAT router (and HELO)

Pàgina inicial
Delete this message
Reply to this message
Autor: Fred Viles
Data:  
A: exim-users
Assumpte: Re: [exim] Exim server behind NAT router (and HELO)
On 18 Mar 2005 at 20:06, Greg A. Woods wrote about
    "Re: [exim] Exim server behind NAT r":


| [ On Wednesday, March 16, 2005 at 12:04:45 (-0800), Fred Viles wrote: ]
| > Subject: Re: [exim] Exim server behind NAT router (and HELO)
| >
| > The RFC's mandate a syntax (either a valid FQDN or an IP literal),
| > but don't allow the receiving MTA to reject based on the particular
| > name provided. So you'd be RFC clean with
| > "EHLO an.arbitrary.name.invalid".
|
| That's simply not true at all.

|
| The RFCs actually do require all SMTP clients to identify themselves
| truthfully and accurately. The HELO/EHLO parameter _MUST_ be a valid
| canonical hostname that resolves to the address its connection
| originates from. There are no if's, and's, or but's about it.


Quoting from section 4.1.4 in RFC-2821, dated April 2001:

   The SMTP client MUST, if possible, ensure that the domain parameter
                         ^^^^^^^^^^^
   to the EHLO command is a valid principal host name (not a CNAME or MX
   name) for its host.  If this is not possible (e.g., when the client's
   address is dynamically assigned and the client does not have an
   obvious name), an address literal SHOULD be substituted for the
                                     ^^^^^^ (not MUST)
   domain name and supplemental information provided that will assist in
   identifying the client.


   An SMTP server MAY verify that the domain name parameter in the EHLO
   command actually corresponds to the IP address of the client.
   However, the server MUST NOT refuse to accept a message for this
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   reason if the verification fails: the information about verification
   failure is for logging and tracing only.


- Fred