I'm aware of that, but it's not what I'm asking about. I'm specifically
asking about using the EHLO identifier as a policy trigger. Under the
interpretations of the section as provided here, this is prohibited.
The current text says:
An SMTP server MAY verify that the domain name parameter in the EHLO
command actually corresponds to the IP address of the client.
However, the server MUST NOT refuse to accept a message for this
^^^^^^^^
reason if the verification fails: the information about verification
^^^^^^
failure is for logging and tracing only.
It doesn't say that the EHLO/HELO command can not be rejected for
a *different* reason, such as policy. You just can't reject based
on the verification of IP address -> HELO/EHLO claimed name.
In fact, section 7.7 states:
of mail. Some sites have decided to limit the use of the relay
function to known or identifiable sources, and implementations SHOULD
provide the capability to perform this type of filtering. When mail
is rejected for these or other policy reasons, a 550 code SHOULD be
used in response to EHLO, MAIL, or RCPT as appropriate.
Thereby giving permission to reject EHLO based on policy.