[Mimedefang] Revisit: Filtering on HELO

Kevin A. McGrail kmcgrail at pccc.com
Fri Mar 16 15:42:09 EST 2007


> Those are solid, I agree, except as I was saying some with no dots
> are actually small-time organizations misled by Windows software.

Well, there is definitely what could be argued as a loophole.

RFC 2821 states that a sender should use EHLO first and then try HELO.  And 
that "the argument field contains the fully-qualified domain name of the 
SMTP client if one is available." In situations in which the SMTP client 
system does not have a meaningful domain name (e.g., when its address is 
dynamically allocated and no reverse mapping record is available), the 
client SHOULD send an address literal (see section 4.1.3), optionally 
followed by information that will help to identify the client system.

SHOULD means in RFC-speak that it should do what is said unless you 
understand the ramifications of not following the recommendation.  In short, 
I see nothing in the RFC that could argue that sending just the hostname is 
proper.  It's either the FQDN or the address literal.

> When the helo is an IP in [ ], it should be $RelayAddr in there.
> Not for example 86.98.53.231 saying "helo [213.42.21.56]" or
> 66.249.194.85 saying "helo [216.184.125.15]".  But this might not
> be common enough to bother with.

I worry about firewalls.

Regards,
KAM 



More information about the MIMEDefang mailing list