[Mimedefang] Revisit: Filtering on HELO

Philip Prindeville philipp_subx at redfish-solutions.com
Mon Mar 26 10:56:29 EST 2007


David F. Skoll wrote:
> Philip Prindeville wrote:
>   
>> Remember: the original point was that if a host is
>> multi-homed {A.A.A.A, B.B.B.B, C.C.C.C}, that it is
>> incorrect behavior to say "EHLO [B.B.B.B]" on a
>> socket that is bound to any local interface *other
>> than* B.B.B.B.
>>     
>
> Why is it incorrect?  A multihomed host can call itself any of its
> IP addresses.
>
> The only kind of HELO filtering I do on my server is to reject remote
> hosts that call themselves "www.roaringpenguin.com" or
> [206.191.13.82], because I know they're lying.
>
> --
> David.
>
>   

It's incorrect because the originating machine might
be hosting several logical, distinct domains, each with
its own IP address... which are *not* interchangeable.

The server (the one receiving the HELO) can't make
any valid assumptions about whether the client is truly
multihomed (and all addresses are equivalent), or if
it has a bunch of cloned interfaces, each with a unique
address and a separate instance of the MTA running
on each (and each domain's MX pointing to *just one*
IP address on that multihomed machine, not ALL of
them).

Web farms, VMware, etc. all throw whatever assumptions
we had about multi-homing out the window.

-Philip
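
The own-identity HELO check David describes in the quoted text, next to the stricter literal-versus-source comparison Philip argues for, as an added example that is not part of the original thread or MIMEDefang's own code. It assumes MIMEDefang's `filter_helo` hook is enabled and called as `($ip, $name, $helo)`; `parse_helo`, `classify_helo` and the 192.0.2.x test addresses are hypothetical names and constructed values.

```perl
use strict;
use warnings;

# This server's own identities, using the name and address quoted in the thread.
my %OWN_NAMES = map { $_ => 1 } ('www.roaringpenguin.com');
my %OWN_IPS   = map { $_ => 1 } ('206.191.13.82');

# Normalise a HELO argument: lower-case, trimmed, no trailing dot.
# Returns ('literal', ip) for an IPv4 address literal, else ('name', host).
sub parse_helo {
    my ($helo) = @_;
    $helo = lc($helo // '');
    $helo =~ s/^\s+|\s+$//g;
    return ('literal', $1) if $helo =~ /^\[(\d{1,3}(?:\.\d{1,3}){3})\]$/;
    $helo =~ s/\.$//;
    return ('name', $helo);
}

# Classify a HELO against the address the connection really came from.
sub classify_helo {
    my ($peer_ip, $helo) = @_;
    my ($kind, $value) = parse_helo($helo);
    my $is_us = $OWN_IPS{$peer_ip} || $peer_ip eq '127.0.0.1';
    if (!$is_us) {
        # A remote peer using our name or our address literal is lying.
        return 'forged-own-identity'
            if ($kind eq 'name' && $OWN_NAMES{$value})
            || ($kind eq 'literal' && $OWN_IPS{$value});
    }
    # Stricter reading from the thread: a literal should equal the source.
    return 'literal-mismatch' if $kind eq 'literal' && $value ne $peer_ip;
    return 'ok';
}

# MIMEDefang hook: reject only the unambiguous case. 'literal-mismatch'
# is classified but not acted on, since the thread disputes whether it is wrong.
sub filter_helo {
    my ($ip, $name, $helo) = @_;
    return ('REJECT', 'HELO claims to be this server')
        if classify_helo($ip, $helo) eq 'forged-own-identity';
    return ('CONTINUE', 'ok');
}

# Stand-alone demo on constructed inputs (skipped when loaded as a filter).
unless (caller) {
    for my $t (['192.0.2.10', 'www.RoaringPenguin.com.'], ['192.0.2.10', '[206.191.13.82]'],
               ['192.0.2.10', '[192.0.2.11]'], ['192.0.2.10', 'mail.example.net']) {
        printf "%-12s %-26s %s\n", @$t, classify_helo(@$t);
    }
}
```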
