[Mimedefang] Revisit: Filtering on HELO

Les Mikesell les at futuresource.com
Sun Mar 25 23:16:56 EST 2007


Philip Prindeville wrote:

>> And, since you can stop so much without ever violating the RFC on HELO, 
>> why even bother?  Tossing out non-FQDN, IP addresses (not address-
>> literals, but bare IPs), and hostnames/address literals that resolve to 
>> non-routable IPs would leave you with almost nothing left that wouldn't 
>> "verify".
>>   
> 
> Huh?  You've just said that you can't toss out anything
> that comes from the HELO command, if you're arguing for
> strict compliance with RFC-1123, section 5.2.5.

You are allowed reject on syntax (bare hostname, invalid address 
notation, etc.), just not on the name or IP not matching what you think 
it should match.

> Again, I'm not understanding what you're saying.  The one
> test that RFC-1123 sanctions is ensuring that the name
> is an FQDN that's resolvable...  You're saying you don't
> make this test?

You are not allowed to reject if it doesn't resolve or if it resolves to 
something other than what you expect so it is a waste of time to check. 
   As long as the syntax is correct for a FQDN or IP literal you might 
as well move on to something else.

-- 
   Les Mikesell
    lesmikesell at gmail.com



More information about the MIMEDefang mailing list