ietf-asrg

Re: [Asrg] 0. General - Administrative - for M. Wild

2003-08-28 20:46:50
On 2003-08-28 09:00:30 +0100, David Wilson wrote:
On Wed, 2003-08-27 at 14:24, Yakov Shafranovich wrote:
This message is intended for M Wild ("Mike"):

I have been trying to send an email reply to you but unfortunately it is 
not going through due to the following error:

450 Client host rejected: cannot find your hostname, [xx.xx.xx.xx]

I do not have an rDNS address and use the IP address in the HELO command 
for SMTP. Apparently your server is not accepting that. Please let me know 
an alternative way to contact you.

RFC 2822 specifically allows domain literals in the EHLO/HELO command.

RFC 1123 Section 5.2.5 specifically forbids refusing messages if the domain
name in HELO (predating SMTP extensions, there is no mention of EHLO)
"fails verification".

RFC 1123 was written well before spam was considered a problem. RFC 2821
also explicitly forbids examination of the mail headers for other
purposes than adding a Received line, but lots of people reject messages
based on the content. 

I think that the receiver doesn't have any obligation to accept mails
(except to "postmaster") and can reject messages on any criteria the
user deems reasonable. 

There was general discussion some years ago about the issue of:

- accepting SMTP connections when there is no rDNS for the calling IP
address.

- accepting SMTP connections if the rDNS hostname does not have an A
record which contains the calling IP address.

At that stage there were enough legitimate sites which fail either of
these tests to make rejection on these grounds unacceptable for a
reasonable service.

Still, I don't think there are many legitimate sites which don't have an
A record.  Requiring the sender to send a FQDN which resolves to the
sender's IP address doesn't seem unreasonable to me (even for dynamic
IP-Addresses, you can use dyndns.net or a similar service).  In fact,
looking at my log files this seems to be a very good indicator of
legitimate mail servers (I checked several weeks of logs some time ago
and only found one legitimate server which identified itself with an
unresolvable name (I think the box is NATted)). I am planning to
implement this test, but I didn't get around to it yet.

        hp


-- 
   _  | Peter J. Holzer    | Humor ohne Emoticons ist trockener Humor.
|_|_) | Sysadmin WSR       | 
| |   | hjp(_at_)hjp(_dot_)at         | -- Toni Grass in aip
__/   | http://www.hjp.at/ |
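
The test described in the last paragraph of the message above (the HELO name must be an FQDN that resolves to the connecting IP address), as an added example that is not part of the original message. It goes slightly beyond the message by also classifying the address literals the thread discusses; the function names, verdict labels and the sample zone are assumptions made for illustration.

```python
import ipaddress
import socket

def system_resolver(name):
    """Return the set of A/AAAA addresses for name (empty set if none)."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}

def check_helo(helo_arg, client_ip, resolve=system_resolver):
    """Classify a HELO/EHLO argument against the connecting IP address."""
    client = ipaddress.ip_address(client_ip)
    arg = helo_arg.strip()
    # Address literal, e.g. [192.0.2.25] or [IPv6:2001:db8::7].
    if arg.startswith("[") and arg.endswith("]"):
        literal = arg[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            addr = ipaddress.ip_address(literal)
        except ValueError:
            return "bad-literal"
        return "literal-match" if addr == client else "literal-mismatch"
    # Bare IP without brackets: neither a domain name nor a literal.
    try:
        ipaddress.ip_address(arg)
        return "bare-ip"
    except ValueError:
        pass
    name = arg.rstrip(".").lower()
    if "." not in name:
        return "not-fqdn"
    addrs = resolve(name)
    if not addrs:
        return "unresolvable"  # e.g. a NATted box announcing an internal name
    return "match" if client in addrs else "mismatch"

# Constructed sample zone (documentation address ranges), so the check runs offline.
SAMPLE_ZONE = {
    "mail.example.com": {"192.0.2.25"},
    "mx.example.net": {"198.51.100.7", "2001:db8::7"},
}

def sample_resolver(name):
    return {ipaddress.ip_address(a) for a in SAMPLE_ZONE.get(name, ())}

if __name__ == "__main__":
    for helo, ip in [("mail.example.com", "192.0.2.25"), ("192.0.2.25", "192.0.2.25")]:
        print(helo, ip, check_helo(helo, ip, sample_resolver))
```

Whether each verdict leads to acceptance, a 450 deferral or only a log entry is a local policy decision; counting verdicts over existing logs first shows how many legitimate senders a rejection rule would affect.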

