Autor: Phil Chambers Datum: To: Jakob Hirsch CC: 'Exim-users' Betreff: Re: [exim] Are we being harsh
On Mon, 04 Apr 2005 13:22:07 +0200 Jakob Hirsch <jh@???> wrote:
> They RFCs say, you must not reject a connection based on the HELO data,
> but they also say (said) that the sender must give correct HELO data.
In fact, section 4.1.4 says:
An SMTP server MAY verify that the domain name parameter in the EHLO
command actually corresponds to the IP address of the client.
However, the server MUST NOT refuse to accept a message for this
reason if the verification fails: the information about verification
failure is for logging and tracing only.
I interpret that as being that you must not reject just because the domain in the
EHLO fails to match the IP address of the clien system. It does not say you must
not reject it for other reasons.
We reject if a system outside our network uses a domain or address which exists on
our network. We also reject if it claims to be a Hotmail (or several other) server
and the IP address does not reverse translate to a Hotmail one. We therefore reject
because of forgery, not because it fails to verify.
Phil.
---------------------------------------
Phil Chambers (postmaster@???)
University of Exeter