On Thu, Mar 04, 2004 at 08:03:10PM +0100, Hadmut Danisch wrote:
> Please comment if anything is missing.
I don't know where this would fit exactly, but IMHO it would help a lot
if we could also tighten some wordings in existing RFCs, like in
RFC2821:
   4.1.1.1 Extended HELLO (EHLO) or HELLO (HELO)
   These commands are used to identify the SMTP client to the SMTP
   server. The argument field contains the fully-qualified domain name
   of the SMTP client if one is available. In situations in which the
   [ ... ]
As it is now only about 10-20% of all SMTP connections have a HELO
field that really contains any FQDN, most send nonsense like
   mailgate.haughton.com:62.49.147.138 HELO server.iaf.local
   smtp1.smartiq.com:209.218.85.79 HELO w2kbulksmtp01
   unknown:62.251.186.34 HELO SERVEURW
or even
   pa65.sliwice.sdi.tpnet.pl:217.97.113.65 HELO petste3
   pa65.sliwice.sdi.tpnet.pl:217.97.113.65 HELO p.martich
   pa65.sliwice.sdi.tpnet.pl:217.97.113.65 HELO p.never
Maybe a first step could be to make little updates to existing RFCs
and rephrase sections like above to
   The argument field MUST contain the fully-qualified domain name
   of the SMTP client.
Maybe also extending it to
   It MUST match the reverse DNS entry of the connecting IP address.
So, with a lot of little, but easy and fast to walk steps we could
prepare for the final proposal and goal we want to accomplish. We would
also give people something to point at when they try to install some
harder policies for MTAs connecting to their servers.
It may be too high-piled a goal to try to accomplish all with one big step
in a close timeframe.
\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
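
The two rules proposed in the message above (HELO argument is an FQDN; it matches the reverse DNS name), as an added example that is not part of the original post. It assumes log lines of the form "<rdns-or-unknown>:<ip> HELO <argument>" as in the samples quoted in the message; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed log format, taken from the samples in the message:
#   <reverse-DNS name or "unknown">:<client IP> HELO|EHLO <argument>
LINE_RE = re.compile(
    r"^(?P<rdns>[^:\s]+):(?P<ip>\S+)\s+(?:HELO|EHLO)\s+(?P<arg>\S+)$")
# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def normalize(name):
    """Lower-case a host name and drop a single trailing root dot."""
    return (name[:-1] if name.endswith(".") else name).lower()

def looks_like_fqdn(name):
    """Syntax-only test: at least two valid labels, last one not numeric."""
    name = normalize(name)
    if not name or len(name) > 253:
        return False
    labels = name.split(".")
    if len(labels) < 2 or labels[-1].isdigit():
        return False
    return all(LABEL_RE.match(label) for label in labels)

def classify(line):
    """Return 'unparsed', 'not-fqdn', 'no-rdns', 'rdns-mismatch' or 'ok'."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return "unparsed"
    if not looks_like_fqdn(m["arg"]):
        return "not-fqdn"            # fails the first proposed rule
    if m["rdns"].lower() == "unknown":
        return "no-rdns"             # nothing to compare against
    if normalize(m["arg"]) != normalize(m["rdns"]):
        return "rdns-mismatch"       # fails the second proposed rule
    return "ok"

def summarize(lines):
    """Count how many connections fall into each class."""
    return Counter(classify(line) for line in lines)

# Constructed sample lines (documentation addresses and example domains).
SAMPLE = [
    "mx1.example.org:192.0.2.10 HELO mx1.example.org",
    "mail.example.net:198.51.100.7 HELO server.corp.local",
    "unknown:203.0.113.5 HELO WINSERVER",
    "host9.example.com:203.0.113.9 HELO j.smith",
    "unknown:192.0.2.44 HELO relay.example.org",
    "mx2.example.org:192.0.2.11 EHLO MX2.Example.ORG.",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{classify(line):14} {line}")
```

An argument such as "j.smith" passes the syntax test and is only caught by the comparison with the reverse DNS name, which is the case the second rule addresses.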