[Mimedefang] Revisit: Filtering on HELO

David F. Skoll dfs at roaringpenguin.com
Mon Mar 26 11:02:50 EST 2007


Philip Prindeville wrote:

>> Why is it incorrect?  A multihomed host can call itself any of its
>> IP addresses.

[...]

> It's incorrect because the originating machine might
> be hosting several logic, distinct domains, each with
> its own IP address... which are *not* interchangeable.

You didn't answer the question:  WHY is it incorrect for a multihomed
machine to HELO as "foo.example.com" even if it is making the connection
over the interface whose IP address resolves as "bar.example.com"?

It might offend you.  You might *think* it's wrong.  But that doesn't
make it wrong; a machine is perfectly within its rights to do that.

> The server (the one receiving the HELO) can't make
> any valid assumptions about whether the client is truly
> multihomed (and all addresses are equivalent), or if
> it has a bunch of cloned interfaces, each with a unique
> address and a separate instance of the MTA running
> on each (and each domains' MX pointing to *just one*
> IP address on that multihomed machine, not ALL of
> them).

The server shouldn't worry its pretty little head over such things.
Except in blatant cases of obvious lying (eg, client claiming to be
server's public IP address), the server has no right to impose
assumptions about what a client should use as its HELO name.

Regards,

David.


More information about the MIMEDefang mailing list