[Mimedefang] Revisit: Filtering on HELO

Jeff Rife mimedefang at nabs.net
Sun Mar 25 21:40:25 EST 2007


On 25 Mar 2007 at 20:05, Philip Prindeville wrote:

> Ok, putting this issue to bed for good.  Quoting RFC-1123:

Well, not really, but we figured out which RFC you meant.

>       5.2.5  HELO Command: RFC-821 Section 3.5
> 
>          The HELO receiver MAY verify that the HELO parameter really
>          corresponds to the IP address of the sender.  However, the
>          receiver MUST NOT refuse to accept a message, even if the
>          sender's HELO command fails verification.
> 
> Hmm.  Or not.  Ok, that was less conclusive than it should have
> been...  Well, the operative sentence is "The HELO receiver MAY
> verify that the HELO parameter really corresponds to the IP address
> of the sender."
> 
> How else to do that in the case of an address-literal than checking
> that the EHLO argument matches the address reported by getsockname()???

You can spend as many cycles as you want "verifying" this sort of 
thing, but since you can't refuse the message based on the fact that 
the HELO doesn't "match" the source IP ("MUST NOT refuse", in the very 
text you quoted), it really doesn't matter, does it?

And, since you can stop so much without ever violating the RFC on HELO, 
why even bother?  Tossing out non-FQDN, IP addresses (not address-
literals, but bare IPs), and hostnames/address literals that resolve to 
non-routable IPs would leave you with almost nothing left that wouldn't 
"verify".

I don't even bother with the full check for resolving to non-routable 
IPs (I don't do any DNS checks, so I only toss obvious ones) and still 
see HELO checking stopping about half the potential spam, with 
greylisting stopping the other half.  Only about 2-5% of what was 
obviously spam makes it through to SpamAssassin.


--
Jeff Rife |  
          | http://www.nabs.net/Cartoons/TiVoAndBeer.gif 




More information about the MIMEDefang mailing list