On Sat, Dec 02, 2006, Karl Schmidt wrote:
> Some of our mail would be sent from a MTA that did not have a MX
> record (This MTA would only respond to our public MTA and LAN
> computers). I suspect they did a reverse call-back based on IP address
> instead of MX record.
For hosts lacking an MX record, falling back to A/AAAA is the only
correct behaviour. Not that I condone blocking because of a failed
callout check.
>> 1. bogus helo
>> This means that the sending email server connected to our mail server
>> and said "HELO [their IP]". RFC 1132 says that the HELO ("hello")
>> message should contain "a valid principal host domain name for the
>> client host".
Holy RFC 2821 Quoteth:
-->--
4.1.3 Address Literals
Sometimes a host is not known to the domain name system and
communication (and, in particular, communication to report and repair
the error) is blocked. To bypass this barrier a special literal form
of the address is allowed as an alternative to a domain name. For
IPv4 addresses, this form uses four small decimal integers separated
by dots and enclosed by brackets such as [123.255.37.2] [...]
--<--
This should apply to HELO/EHLO just as well.
--
Unix stuff :: http://tehran.lain.pl
Yet Another RBL :: http://rbl.lain.pl
