Philip Hazel wrote:
> On Thu, 26 Oct 2006, Peter Bowyer wrote:
>
>
>>>250 xxx.net Hello xxx.net [82.230.172.234]
>>>
>>>HELO is still allowed. I really would like to deny it here.
>>
>>HELO support is a required part of SMTP, as has already been
>>explained. It's not possible, and not sensible, to disallow it.
>
>
> Well, it is possible, though I entirely agree that it is not sensible!
> You can check for HELO vs EHLO in an ACL.
>
Certainly a potential problem in public-facing SMTP.

However, I can see a *perceived* value IF used ONLY within a de facto 'private
email system'. Even so, several other Exim tools seem to be far better suited
to that use.

Rules for specific hostlists could include:
- requiring *specific* SSL/TLS cert matches
- arrival over specified VPN networks
- use (for internal LANs) of non-routable IPs

and, of course, the 'general case' - that of using, instead of port 25, port 24
- which was set aside for that purpose [1] long ago - so as to segregate such
traffic from the 'rest of' the SMTP arrivals.
Bill
[1]
24/udp # any private mail system
24/tcp # any private mail system
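
Added example, not part of the original post or of any poster's configuration: Exim settings that keep port 25 standards-compliant (HELO and EHLO both accepted) while applying the host-list, TLS-certificate and EHLO-only rules discussed above to a separate port 24 listener. The host list name, address ranges, file paths and ACL names are assumptions chosen for illustration, and the settings assume the rest of the configuration (RCPT ACL, routers, transports) already exists.

```exim
# --- main section (all names, ranges and paths below are assumed) ---
hostlist private_hosts = 10.0.0.0/8 : 192.168.0.0/16

# Listen on the public port and on the "private mail system" port.
daemon_smtp_ports = 25 : 24

tls_advertise_hosts      = *
tls_certificate          = /etc/exim/tls/server.crt
tls_privatekey           = /etc/exim/tls/server.key
# CA that issues the internal clients' certificates.
tls_verify_certificates  = /etc/exim/tls/private-ca.pem
# Request a client certificate from internal hosts; the ACL enforces it.
tls_try_verify_hosts     = +private_hosts

acl_smtp_connect = acl_check_connect
acl_smtp_helo    = acl_check_helo
acl_smtp_mail    = acl_check_mail

begin acl

acl_check_connect:
  # Port 24 is reachable only from the private host list.
  deny  condition = ${if eq{$received_port}{24}}
       !hosts     = +private_hosts
        message   = port 24 is reserved for internal hosts
  accept

acl_check_helo:
  # EHLO-only is enforced on the private port alone; port 25 keeps
  # accepting HELO, as SMTP requires.
  deny  condition = ${if eq{$received_port}{24}}
        condition = ${if match{$smtp_command}{\N(?i)^HELO\b\N}}
        message   = EHLO is required on this port
  accept

acl_check_mail:
  # STARTTLS happens after EHLO, so TLS state is checked at MAIL time.
  deny  condition = ${if eq{$received_port}{24}}
       !encrypted = *
        message   = TLS is required on port 24
  deny  condition = ${if eq{$received_port}{24}}
       !verify    = certificate
        message   = a verified client certificate is required on port 24
  accept
```

`exim -bV` checks the merged configuration for syntax errors, and `exim -bh <ip>` runs a fake SMTP session against the ACLs without delivering mail.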