Re: [exim] Exim server behind NAT router (and HELO)

Top Page
Delete this message
Reply to this message
Author: Exim User's Mailing List
Date:  
To: Jakob Hirsch
CC: Exim User's Mailing List
Subject: Re: [exim] Exim server behind NAT router (and HELO)
[ On Wednesday, March 23, 2005 at 11:45:13 (+0100), Jakob Hirsch wrote: ]
> Subject: Re: [exim] Exim server behind NAT router (and HELO)
>
> Matt Fretwell wrote:
>
> > If, according to the RFC's, a client MUST helo with a valid hostname, and
> > doesn't, why should the reference to 'must not refuse to accept', (or
> > something similiar), be adhered to?
>
> because the old "be strict when sending and tolerant when receiving"
> principle was really not invented in vain.


You seem to suffer from more than one drastic misunderstanding of the
intent and goals of Internet protocol specifications and guidelines.
Hopefully we can clear up this most recently revealed misunderstanding
right here and now.

The so-called "Robustness Principle" cannot, and MUST NOT, be used as a
poor excuse to justify invalid attempts to shove policy rules at sites
that have every right to choose their own policies. Robustness must
also never come at the expense of security.

No site is required to accept every SMTP transaction fed to it. Every
site is completely free to make up any random excuse they wish to
explain why they won't accept any given transaction. If a site wants to
report that they're rejecting your message because the sky happens to be
cloudy at the moment then that's the explanation you _MUST_ accept.
However it usually is considered common courtesy between neighbours to
explain the real reasons why you're rejecting their transactions and so
if a site chooses to verify the HELO parameter, and uses the results of
that verification to decide whether or not to go to the next step in
accepting an SMTP transaction, don't you think it would nice for that
site to explain that they don't like your hostname when they reject your
transaction? Or would you rather they just gave the cloudy day excuse?

The robustness principle is _only_ about the low-level bits and bytes
and syntax wiggles within a "relaxed" protocol specification such as
that for SMTP. I.e. it's about allowing clients to send commands made
up of lowercase letters when the specification only refers to use of
uppercase letters; or about allowing extra whitespace where only one
space might be specified.

-- 
                        Greg A. Woods


H:+1 416 218-0098  W:+1 416 489-5852 x122  VE3TCP  RoboHack <woods@???>
Planix, Inc. <woods@???>          Secrets of the Weird <woods@???>