Re: [exim] Are we being harsh

Author: Russell King
Date:  
To: Jakob Hirsch
CC: 'Exim-users'
Subject: Re: [exim] Are we being harsh
On Mon, Apr 04, 2005 at 01:22:07PM +0200, Jakob Hirsch wrote:
> Ron McKeating wrote:
> > The user says they have no trouble sending to other sites, we say they
> > should set their server up with a proper hello name.
> >
> > Are we being too harsh ?
>
> AWGTHTGTTA?
>
> The RFCs say, you must not reject a connection based on the HELO data,
> but they also say (said) that the sender must give correct HELO data.


I don't read RFC2822 that way. Yes, I know this has been rehashed
several times, but it keeps on bugging me that people seem to be
extending the wording of the RFC. RFC2822 4.1.4 actually says:

    An SMTP server MAY verify that the domain name parameter in the EHLO
    command actually corresponds to the IP address of the client.
    However, the server MUST NOT refuse to accept a message for this
    reason if the verification fails: the information about verification
    failure is for logging and tracing only.

To me, this seems quite clear. I understand this to mean that you must
not reject an EHLO if you're unable to verify that the EHLO domain
parameter corresponds with the IP address of the client. That's fine,
no problem with that. (If anyone did implement that, they'll probably
block half the Internet from their mail server.)

However, it appears that there's no prohibition in this RFC on rejecting
the EHLO for other reasons. For instance, a known fictitious domain
name, a domain name being used in obviously a forged manner, your own
domain name/IP literal being used by others, etc.

(Then there are arguments about whether RFCs can dictate site policy,
which are a separate discussion altogether.)

--
Russell King
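
An added example, not part of the message above and not the Exim project's own configuration: a HELO ACL that applies the distinction drawn in the message, refusing names for reasons other than failed verification and only logging the verification failure itself. The list name bogus_helo_names and its contents are assumptions made for illustration; local_domains and relay_from_hosts are assumed to be defined as in the default configuration.

```exim
# Main configuration section
# Hypothetical list of names this site treats as known-fictitious
# (constructed sample values).
domainlist bogus_helo_names = localhost : localhost.localdomain

acl_smtp_helo = acl_check_helo

begin acl

acl_check_helo:
  # Our own relay clients are not subject to HELO policy.
  accept  hosts       = +relay_from_hosts

  # A known fictitious name: refused on its own merits, no
  # name-to-address verification is involved.
  deny    message     = HELO/EHLO name $sender_helo_name is not acceptable
          condition   = ${if match_domain{$sender_helo_name}{+bogus_helo_names}}

  # A remote client presenting one of our own domain names.
  deny    message     = HELO/EHLO name $sender_helo_name belongs to this site
          condition   = ${if match_domain{$sender_helo_name}{+local_domains}}

  # A remote client presenting our own address as an IP literal.
  # (IPv4 form shown; an IPv6 literal is written [IPv6:...].)
  deny    message     = HELO/EHLO IP literal belongs to this site
          condition   = ${if eq{$sender_helo_name}{[$received_ip_address]}}

  # The name could not be verified against the client's IP address:
  # record it for logging and tracing only, then fall through.
  warn    !verify     = helo
          log_message = unverified HELO $sender_helo_name \
                        from $sender_host_address

  accept
```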