[Mimedefang] Revisit: Filtering on HELO
philipp_subx at redfish-solutions.com
Fri Mar 16 22:28:19 EST 2007
Richard Laager wrote:
> On Fri, 2007-03-16 at 13:38 -0400, Joseph Brennan wrote:
>> When the helo is an IP in [ ], it should be $RelayAddr in there.
>> Not for example 126.96.36.199 saying "helo [188.8.131.52]" or
>> 184.108.40.206 saying "helo [220.127.116.11]". But this might not
>> be common enough to bother with.
> IIRC, this is a case of verification explicitly disallowed by the RFCs,
> because of NAT. A machine might think it's "10.10.10.10", but it could
> be anything after it passes through NAT.
If NAT *is* in use, and you're using a "locally significant
address", i.e. a non-routable address, then this is wrong.
The name you use should be globally significant.
So either, (a) fix your NAT to properly rewrite your
HELO string for you, or else (b) stop using an IP address-
literal since it's meaningless anyway.
More information about the MIMEDefang