John Jetmore wrote:
> On Mon, 6 Nov 2006, Wakko Warner wrote:
>
>> mind. If the HELO is different, why not verify it? If you have a host that
>> is legit doing this, the A record of the HELO should match the IP and you
>> could allow that to pass. Most of the HELOs that I have seen are more of
>
> I've been trying to ignore this thread but this is just such a bad idea
> and depends on invalid assumptions. I have what I believe to be a fairly
> common mail setup
Many common mail setups are perfectly bad too. Commonness is not a sign
of quality in itself.
> that is perfectly legal but causes a single IP to source
> multiple IPs. I have a pool of servers that are used by our billing
> system. They are behind a firewall PAT address, so on the public internet
> the PAT address appears to be sending SMTP connections with different HELO
> strings.
>
> These servers have valid MX records in DNS. These MX records have
> _nothing_ to do with the PAT address. They do _not_ have public A
> records because there is no need for them.
Just have a look at
http://www.dnsreport.com/tools/dnsreport.ch?domain=cinergycom.com
>
> There is nothing illegal about the above configuration, everything that
> needs to be valid is valid. But there's nothing tying any of the HELO
> strings to the originating PAT address that I can see. Any scheme you
> come up with to "validate" the HELO strings (or at least all the ones I've
> seen so far) will fail, even though it's all kosher.
>
> --John
>
--
010100100110010101101110011000010111010101100100
010000010110110001101100011000010111001001100100
