[ On Friday, May 20, 2005 at 11:25:52 (+0100), Nigel Metheringham wrote: ]
> Subject: Re: [exim] Bogus HELOs
>
> On Fri, 2005-05-20 at 10:58 +0100, Mark Smith wrote:
> > Are there any *valid* reasons for a mailserver's HELO greeting not matching
> > the hostname obtained from rDNS?
>
> Not really.
Indeed. :-)
> However you are technically not allowed to reject based on
> HELO strings
Well, any mailer is _technically_ allowed to reject anything it wants
for any reason(s) whatsoever. Nobody, least of all the IETF and/or any
RFC author, can force a site to receive mail they don't want.
> and if you require HELO and reverse DNS to match you will
> have a very quiet life unless your users object to losing a lot of
> otherwise valid mail.
Mark keep in mind that the actual requirement is that the HELO/EHLO
parmeter _MUST_ resolve to an A record which gives the address the
client is connecting from.
Whether or not the reverse DNS (PTR for that address) is also required
to resolve to a matching hostname is an entirely separate issue, i.e.
whether or not you think it should depends more upon how well you trust
the DNS and how well you think the reverse DNS can be used to
authenticate hostnames.
--
Greg A. Woods
H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack <woods@???>
Planix, Inc. <woods@???> Secrets of the Weird <woods@???>
