Hello Stuart,
Sunday, July 3, 2005, 2:52:07 PM, you wrote:
On Sun, 3 Jul 2005, Hector Santos wrote:
One of the sessions had
IP 212.23.3.140
HELO pythagoras.zen.co.uk
MAIL FROM: <his-address @ amidatrust.com>
The HELO matched this IP address and this HELO domain did not
So what I was wondering A) what does thie mean?
It means that the sending MTA (pythagoras.zen.co.uk) has an rfc compliant HELO
name: it is a FQN (at least one dot) and resolves to the sending IP. This
shows an unusual degree of competence, since most mail admins put
some nonsense like 'JUPITER' in there. My mail policy would accept
the mail if not otherwise blacklisted, because the validated HELO
name provides something to blacklist/whitelist if needed. There may be no
SPF record to validate the MAIL FROM, but a validated HELO is
sufficient for domain based blacklisting. (And simply requiring
RFC compliant HELO goes a long way toward the goals of SPF.)
The sending MTA pythagoras.zen.co.uk is the Zen ISP user communal outgoing
server which I use myself rarely for emergency/test.
Zen iirc accept mail for their own domain and only those domains directly
hosted by themselves - so amidatrust.com cannot use Zen MTA as incoming mx
However it's very easy to get Zen IP rDNS edited to run their own MTA when
whois for amidatrust.com has the registered owner or administrator and
working, matching, forward record valid with Ripe whois for the Zen IP or
blocks.
Shane