[Top] [All Lists]

Re: [Asrg] 0. General - Administrative - for M. Wild

2003-08-28 22:46:52

We found rDNS checking on HELO/EHLO to be unreliable due to
mis-configuration of smtp servers, in particular those systems who prepare a
send-only or routing server,  which from my last reading of the RFC (a few
years back), need to be prepare as sub-domains.   Because they are not, it
is not possible to do reliable checking.

Recently, we added logic to check for the bracket DOT format,  i.e,.

We found those servers using this format to be spammer servers and they are
using it incorrectly, providing the literal IP without the brackets, i..e,

So we reject the HELO/ELHO state when

a) The literal IP does not have brackets, or
b) The provided bracket IP does not match the connecting peer IP.

We have rejected on average about 125 per day using this scheme.

Incidentally, before this logic was added,  the average about 80 attempts
per day.  Hence, the rejection is causing some senders to try again more
often.  We are sending a 5XX response code (permanent error, don't try
again) but some are ignoring it of course. :-)


Hector Santos
WINSERVER "Wildcat! Interactive Net Server"

----- Original Message ----- 
From: "David Wilson" <David(_dot_)Wilson(_at_)isode(_dot_)com>
To: "Yakov Shafranovich" <research(_at_)solidmatrix(_dot_)com>
Cc: <asrg(_at_)ietf(_dot_)org>
Sent: Thursday, August 28, 2003 4:00 AM
Subject: Re: [Asrg] 0. General - Administrative - for M. Wild

On Wed, 2003-08-27 at 14:24, Yakov Shafranovich wrote:
This message is intended for M Wild ("Mike"):

I have been trying to send an email reply to you but unfortunately it is
not going through due to the following error:

450 Client host rejected: cannot find your hostname, [xx.xx.xx.xx]

I do not have an rDNS address and use the IP address in the HELO command
for SMTP. Apparently your server is not accepting that. Please let me
an alternative way to contact you.

RFC 2822 specifically allows domain literals in the EHLO/HELO command.

RFC 1123 Section 5.2.5 specific forbids refusing messages if the domain
name in HELO (predating SMTP extensions, there is no mention of EHLO)
"fails verification".

There was general discussion some years ago about the issue of:

- accepting SMTP connections when there is no rDNS for the calling IP

- accepting SMTP connections if the rDNS hostname does not have an A
record which contains the calling IP address.

At that stage there were enough legitimate sites which fail either of
these tests to make rejection on these grounds unacceptable for a
reasonable service.

So, in my opinion M Wild's MTA is not acting reasonably.


David Wilson                             
Isode Limited                            Tel: +44 (0) 20 8783 2961

Asrg mailing list

Asrg mailing list

<Prev in Thread] Current Thread [Next in Thread>