[ On Friday, May 20, 2005 at 14:07:23 (+0200), Marc Haber wrote: ]
> Subject: Re: [exim] Bogus HELOs
>
> That depends on what you think as "valid". It needs some serious
> tweaking to have exim issue the correct HELO if the machine has more
> than one IP address, and it is _very_ hard to correctly HELO when exim
> is behind a NATting router whose outside interface might have changing
> IP addresses.
No, it is not -- or rather, it _MUST_ not be "hard" in any way for any
mailer to utter its correct public name, even if it is behind a NAT.
If it is then your NAT is effectively useless for reliable e-mail service.
(e.g. a NAT behind a dynamic public address would be useless for general
e-mail use -- it must be pointed only to your ISP's authorized outbound
relay.)
> I suspect that there is mail server software out there that doesn't
> allow tweaking the HELO name at all.
So long as it gets it right, what's the problem?!?!?!??
The requirement is, and always has been, that the client greet the
server with its true, canonical, hostname. If the client has verified
its own name before uttering it to the server then there's no reason it
should allow some unskilled person to try to force it to use what might
be an invalid name.
--
Greg A. Woods
H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack <woods@???>
Planix, Inc. <woods@???> Secrets of the Weird <woods@???>