[Mimedefang] Revisit: Filtering on HELO

Philip Prindeville philipp_subx at redfish-solutions.com
Fri Mar 16 22:28:19 EST 2007

Richard Laager wrote:
> On Fri, 2007-03-16 at 13:38 -0400, Joseph Brennan wrote:
>> When the helo is an IP in [ ], it should be $RelayAddr in there.
>> Not for example saying "helo []" or
>> saying "helo []".  But this might not
>> be common enough to bother with.
> IIRC, this is a case of verification explicitly disallowed by the RFCs,
> because of NAT. A machine might think it's "", but it could
> be anything after it passes through NAT.
> Richard

If NAT *is* in use, and you're using a "locally significant
address", i.e. a non-routable address, then this is wrong.

The name you use should be globally significant.

So either, (a) fix your NAT to properly rewrite your
HELO string for you, or else (b) stop using an IP address-
literal since it's meaningless anyway.


More information about the MIMEDefang mailing list