At 11:17 AM 6/29/2003 -0400, Richard Rognlie wrote:
> RMX (et al) deal with the envelope from address. This proposal has
> nothing to do with the envelope. It is an attempt to sanitize the
> hostname specified as the HELO/EHLO when connecting to a remote
> MTA.
>
> IOW, If I connect to a remote MTA and my MTA sends the greeting
> EHLO play.gamerz.net. That MTA can do a lookup of
> my_ip_ad_dr._relays_._email_.play.gamerz.net and see immediately
> that if it gets my.ip.ad.dr as the response, that, indeed, I am
> a DRIP subscribed host. If any other host attempts to connect
> and claim to be play.gamerz.net, the IPs will not match (or there
> will be no record at all).
>
> If the IPs do not match, it is a host forging my hostname. Drop
> the connection like a hot potato[e]. If no record is returned at all
D'oh! I forgot to mention. We don't actually drop the connection here.
We can't. It might be a host that is doing the EHLO in preparation
for an SMTP AUTH session for a true "local" user, who happens to be
roaming. We don't start rejections until later (during the env-from
when I can check the status of the SMTP AUTH flags [in the milter
implementation, anyway. other MTA implementations methodologies may
vary])
Very good point. We can probably drop the connection after MAIL FROM or
RCPT TO.
Yakov
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg