Re: [exim] Bogus HELOs

Author: Gary Allen Vollink
Date:  
To: Exim User's Mailing List
Subject: Re: [exim] Bogus HELOs

Greg A. Woods wrote:

> So long as it gets it right, what's the problem?!?!?!??


The possibility of getting it wrong is fairly high - though I've never
seen an Email system where you can't change the 'EHLO/HELO' string.
I've also never seen a mail system where you can change it based on the
host it's talking to (read on)...

>The requirement is, and always has been, that the client greet the
>server with its true, canonical, hostname. If the client has verified
>its own name before uttering it to the server then there's no reason it
>should allow some unskilled person to try to force it to use what might
>be an invalid name.
>
>

Who's to say my true canonical hostname is something you will ever find?

In the case where you have a multi-homed host (forget about the
complexities of NATed hosts)... there may be a wide disconnect between a
machine's given canonical name, and the host's name compared to DNS
settings (and from where). A server named galileo.exim.org may also
have (the more desirable) DNS name of mail.labs.exim.org. There is also
no requirement that my outbound server be the same as my domain's (MX)
inbound mail server. So in the case where my time server,
ntp.subnet.exim.org (srv-garg.labs.exim.org), is also acting as my
outbound mail server, the reverse lookup may not match my HELO/EHLO.
Similarly, while inside the network, the same exact host may be known as
'svr-galileo.lab1.inside' - so from internal relays, its canonical name
would still 'appear' wrong when running reverse lookups.

Ignoring the HELO is safest (and suggested in the RFCs), and doing
anything else is fine for your 'home' server, but not good for a
business. That said, I would fully agree with bouncing HELOs that
mirror my server's name or IP.

Good luck,
Gary Allen Vollink
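
The policy discussed in the message above (accept a HELO that merely disagrees with reverse DNS, reject one that mirrors the receiving server's own name or IP), as an added Python sketch that is not part of the original post and is not Exim code. The server names and addresses, and the function names `parse_helo` and `helo_verdict`, are constructed assumptions.

```python
import ipaddress

# Constructed identity of the receiving server (assumption, not from the post).
OWN_NAMES = {"mail.example.org", "example.org"}
OWN_IPS = {ipaddress.ip_address("192.0.2.25"), ipaddress.ip_address("2001:db8::25")}


def parse_helo(arg):
    """Return ('ip', address) for an address literal or bare IP, else ('name', fqdn)."""
    text = arg.strip()
    # SMTP address literals look like [192.0.2.1] or [IPv6:2001:db8::1].
    literal = text[1:-1] if text.startswith("[") and text.endswith("]") else text
    if literal.lower().startswith("ipv6:"):
        literal = literal[5:]
    try:
        return "ip", ipaddress.ip_address(literal)
    except ValueError:
        # Hostnames compare case-insensitively; drop a trailing root dot.
        return "name", text.rstrip(".").lower()


def helo_verdict(helo_arg, client_ip, client_rdns=None):
    """Reject only a HELO that mirrors our own name or IP. A HELO that merely
    disagrees with reverse DNS (multi-homed or split-DNS sender) is accepted."""
    client = ipaddress.ip_address(client_ip)
    # Connections that really come from this machine may use its own name.
    is_self = client.is_loopback or client in OWN_IPS
    kind, value = parse_helo(helo_arg)
    if not is_self:
        if kind == "ip" and value in OWN_IPS:
            return "reject: HELO is this server's IP"
        if kind == "name" and value in OWN_NAMES:
            return "reject: HELO is this server's name"
    if kind == "name" and client_rdns and value != client_rdns.rstrip(".").lower():
        return "accept: HELO differs from rDNS (not treated as an error)"
    return "accept"


if __name__ == "__main__":
    # Constructed sample sessions: (HELO argument, client IP, client reverse DNS).
    for sample in [
        ("ntp.subnet.exim.org", "198.51.100.7", "srv-garg.labs.exim.org"),
        ("MAIL.example.org.", "198.51.100.7", None),
        ("[IPv6:2001:db8::25]", "198.51.100.7", None),
        ("mail.example.org", "127.0.0.1", None),
    ]:
        print(sample[0], "->", helo_verdict(*sample))
```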