On 2003-08-31 02:09:34 +0200, Brad Knowles wrote:
> At 11:19 PM +0200 2003/08/30, Peter J. Holzer wrote:
>
> > RFC 2821 requires the parameter to be either an FQDN or an address
> > literal. A client which sends an unqualified hostname is in violation of
> > the RFC without any good reason. (broken software and lazy
> > administrators are not good reasons, IMHO)
>
> I don't see this requirement in 2821:
>
>     3.6 Domains
>
>     Only resolvable, fully-qualified, domain names (FQDNs) are permitted
>     when domain names are used in SMTP. In other words, names that can
>     be resolved to MX RRs or A RRs (as discussed in section 5) are
>     permitted, as are CNAME RRs whose targets can be resolved, in turn,
>     to MX or A RRs. Local nicknames or unqualified names MUST NOT be
>     used. There are two exceptions to the rule requiring FQDNs:
>
>     - The domain name given in the EHLO command MUST BE either a primary
>       host name (a domain name that resolves to an A RR) or, if the host
>       has no name, an address literal as described in section 4.1.1.1.
>
> Note that the RFC explicitly states that the IPv4 address should
> be in square brackets. Which is precisely the kind of behaviour that
> I believe you said that you were refusing.

I didn't say I'm refusing anything. I listed four different tests one
could apply to the hello parameter and tried to identify who would be
affected by those tests.
In the first two tests, address literals are allowed, in the other two
they are forbidden.

> > Any reason why it must identify itself as [10.0.1.5]? Why not with the
> > external IP address or as bradknowles.dyndns.net?
>
> If it's behind a NAT, how would it know the external DNS name?
>
> If that IP address on the NAT device is dynamically assigned and the
> machine is not an intelligent host running software capable of
> updating a dynamic DNS record (as 99.999% of all NAT/router devices
> are almost certainly going to be), then how would the internal host
> know what this external DNS name is?

The external name stays fixed. You register a name at a dynamic dns
provider (I am using dyndns.org (sorry, not dyndns.net, that seems to be
something else) as an example here because a few people I know use it -
there are others). Then you configure your mail server to always use
that name in the helo command. Finally you run a program which detects
your real address (e.g., by connecting to http://checkip.dyndns.org/)
and updates the DNS record at regular intervals.
Yes, this works only with forward lookups, not with reverse lookups.
hp
--
_ | Peter J. Holzer | Humor without emoticons is dry humor.
|_|_) | Sysadmin WSR |
| | | hjp(_at_)hjp(_dot_)at | -- Toni Grass in aip
__/ | http://www.hjp.at/ |
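
Added example (not part of the original message, and not any mail server's own code): a syntax-only classifier for the HELO/EHLO parameter that separates the cases discussed above, namely an FQDN, a bracketed address literal, a bare IP address, and an unqualified name. The function names and the `allow_literals` switch are assumptions made for this illustration, the host name `mailhost` is a constructed sample, and DNS resolvability is deliberately not checked.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def classify_helo(arg):
    """Return (category, note) for a HELO/EHLO argument. Syntax only, no DNS."""
    arg = arg.strip()
    if arg.startswith("[") and arg.endswith("]"):
        inner, want = arg[1:-1], 4
        if inner.lower().startswith("ipv6:"):      # RFC 2821 tags IPv6 literals
            inner, want = inner[5:], 6
        try:
            ip = ipaddress.ip_address(inner)
        except ValueError:
            return ("invalid", "malformed address literal")
        if ip.version != want:
            return ("invalid", "IPv6 literal needs the IPv6: tag (or tag on IPv4)")
        note = "globally routable" if ip.is_global else "not globally routable"
        return ("address-literal", note)
    try:
        ipaddress.ip_address(arg)
        return ("invalid", "bare IP address without square brackets")
    except ValueError:
        pass                                       # not an IP, treat as a name
    name = arg[:-1] if arg.endswith(".") else arg  # tolerate a trailing root dot
    labels = name.split(".")
    if not name or len(name) > 253 or not all(LABEL.fullmatch(l) for l in labels):
        return ("invalid", "not a syntactically valid domain name")
    if len(labels) == 1:
        return ("unqualified", "single-label name, forbidden by RFC 2821 3.6")
    return ("fqdn", "multi-label name; resolvability not checked here")

def accept(arg, allow_literals):
    """Hypothetical policy switch: FQDNs always pass, literals only if allowed."""
    category, _ = classify_helo(arg)
    return category == "fqdn" or (allow_literals and category == "address-literal")

if __name__ == "__main__":
    # [10.0.1.5] and bradknowles.dyndns.net come from the thread; the rest
    # are constructed samples.
    for sample in ("[10.0.1.5]", "bradknowles.dyndns.net", "10.0.1.5", "mailhost"):
        print(sample, classify_helo(sample),
              "literals allowed:", accept(sample, True),
              "literals forbidden:", accept(sample, False))
```

A receiving server that wants the stricter behaviour would call `accept(arg, allow_literals=False)`; the note returned for `[10.0.1.5]` shows why a literal sent from behind a NAT tells the receiver little about the connecting host.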