[Top] [All Lists]

Re: clarification re 2821, s4.1.4

2002-08-17 11:40:52

EG, I'm not allowed to reject sessions from, even
if I know with certainty that the identifier is correct.

it's not clear how you can know this for certain from EHLO.  you might
know it for certain by other means, such as if you had a IPsec or TLS
authenticated session.  the point is that the EHLO identifier (more precisely, 
the relationship between that identifier and the IP source address) really 
isn't reliable enough to be used as the basis of any kind of filter.

to put it another way - nothing stops you from rejecting mail from
any host you want.  but it's a violation of the protocol to use 
the EHLO identifier to decide whether the mail is from a host that you
want to reject.  the only ways to "know with certainty" that this is
from a particular host don't involve EHLO.


<Prev in Thread] Current Thread [Next in Thread>