[Mimedefang] Revisit: Filtering on HELO

Les Mikesell les at futuresource.com
Fri Mar 23 08:03:31 EST 2007


Philip Prindeville wrote:
>> We check for localhost or 127.0.0.1
>> We check for our name.
>> We check for our IP address with/without ['s
>> We check for helo of friend
>> We check for helo where length < 3 or doesn't have dots.
> 
> I would add to all that also checking that if the
> remote end says "HELO [x.x.x.x]", that the x.x.x.x
> really is the same as their $hostip (or whatever)
> and not some other address.
> 
> A lot of hosts say "HELO 1.2.3.4" when their address
> is really 5.6.7.8.
> 
> If they can't be trusted to figure out their own
> address, then they're probably pretty broken (and
> that includes being behind a NATing firewall as we
> are).

Many hosts are multi-homed and thus have more than one address.  I don't 
think mailers are required to match the HELO to the interface that 
happens to be used for the connection.  Also in the NAT case it may or 
may not be possible for anyone to know the address that will be seen on 
the other side.

-- 
   Les Mikesell
    lesmikesell at gmail.com


More information about the MIMEDefang mailing list