[Mimedefang] Revisit: Filtering on HELO

Philip Prindeville philipp_subx at redfish-solutions.com
Fri Mar 16 22:28:19 EST 2007


Richard Laager wrote:
> On Fri, 2007-03-16 at 13:38 -0400, Joseph Brennan wrote:
>   
>> When the helo is an IP in [ ], it should be $RelayAddr in there.
>> Not for example 86.98.53.231 saying "helo [213.42.21.56]" or
>> 66.249.194.85 saying "helo [216.184.125.15]".  But this might not
>> be common enough to bother with.
>>     
>
> IIRC, this is a case of verification explicitly disallowed by the RFCs,
> because of NAT. A machine might think it's "10.10.10.10", but it could
> be anything after it passes through NAT.
>
> Richard
>
>   

If NAT *is* in use, and you're using a "locally significant
address", i.e. a non-routable address, then this is wrong.

The name you use should be globally significant.

So either, (a) fix your NAT to properly rewrite your
HELO string for you, or else (b) stop using an IP address-
literal since it's meaningless anyway.

-Philip
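
The comparison discussed in this thread, written out as an added example; it is not part of the original posts and is not MIMEDefang code. The function names and verdict labels are hypothetical, and the 192.0.2.x and 2001:db8:: sample addresses are constructed (documentation ranges).

```python
import ipaddress

def parse_helo_literal(helo):
    """Return the address inside an SMTP address literal, or None.

    Accepts "[192.0.2.1]" and "[IPv6:2001:db8::1]" (RFC 5321 syntax).
    """
    s = helo.strip()
    if not (s.startswith("[") and s.endswith("]")):
        return None
    body = s[1:-1]
    try:
        if body[:5].lower() == "ipv6:":
            return ipaddress.IPv6Address(body[5:])
        return ipaddress.IPv4Address(body)
    except ValueError:
        return None

def classify_helo(helo, relay_addr):
    """Compare a HELO argument with the connecting (relay) address."""
    if not helo.strip().startswith("["):
        return "not-literal"           # a host name; outside this check
    lit = parse_helo_literal(helo)
    if lit is None:
        return "malformed-literal"
    if lit == ipaddress.ip_address(relay_addr):
        return "match"
    if not lit.is_global:
        return "non-routable-literal"  # e.g. 10.10.10.10 seen from behind NAT
    return "mismatch"                  # routable literal, different peer

# Pairs quoted in the thread, followed by constructed ones.
SAMPLES = [
    ("[213.42.21.56]", "86.98.53.231"),
    ("[216.184.125.15]", "66.249.194.85"),
    ("[10.10.10.10]", "192.0.2.1"),           # constructed NAT case
    ("[192.0.2.1]", "192.0.2.1"),             # constructed matching case
    ("[IPv6:2001:db8::1]", "2001:db8::1"),    # constructed IPv6 literal
    ("[not.an.ip]", "192.0.2.1"),             # constructed malformed literal
    ("mail.example.org", "192.0.2.1"),        # constructed host-name HELO
]

def run_samples():
    return [(h, r, classify_helo(h, r)) for h, r in SAMPLES]

if __name__ == "__main__":
    for helo, relay, verdict in run_samples():
        print(f"{relay:>15} helo {helo:<22} -> {verdict}")
```

Whether a `mismatch` or `non-routable-literal` verdict should lead to rejection is the policy question the thread debates; the code only labels the case.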


