[Top] [All Lists]

Re: clarification re 2821, s4.1.4

2002-08-17 11:40:41

I'm aware of that, but it's not what I'm asking about. I'm specifically
asking about using the EHLO identifier as a policy trigger. Under the
interpretations of the section as provided here, this is prohibited.

The current text says:

   An SMTP server MAY verify that the domain name parameter in the EHLO
   command actually corresponds to the IP address of the client.
   However, the server MUST NOT refuse to accept a message for this
   reason if the verification fails: the information about verification
   failure is for logging and tracing only.

It doesn't say that the EHLO/HELO command can not be rejected for
a *different* reason, such as policy.  You just can't reject based
on the verification of IP address -> HELO/EHLO claimed name.

In fact, section 7.7 states:

   of mail.  Some sites have decided to limit the use of the relay
   function to known or identifiable sources, and implementations SHOULD
   provide the capability to perform this type of filtering.  When mail
   is rejected for these or other policy reasons, a 550 code SHOULD be
   used in response to EHLO, MAIL, or RCPT as appropriate.

Thereby giving permission to reject EHLO based on policy.