----- Original Message -----
To: "John C Klensin" <john(_at_)jck(_dot_)com>
Cc: "B. Johannessen" <bob(_at_)db(_dot_)org>; <ietf-smtp(_at_)imc(_dot_)org>
Sent: Friday, January 02, 2004 6:14 PM
Subject: Re: RFC2821, section 188.8.131.52 and HELO/EHLO
A separate issue comes to mind - a number of systems reject the
format mentioned in 184.108.40.206. In particular, Sendmail 8.12.4 included
If AllowBogusHELO is set to false (default) then also complain if
the argument to HELO/EHLO contains white space. Suggested
by Seva Gluschenko of Cronyx Plus.
(Which incidentally was how I opened this can of worms to begin with).
Ahhhhhh, good point. Ironically, I just added this optional SPACE check
ourselves last month to our beta ware based on seeing it in some captured
HELO [filename /home/admin/domains.txt]
250 winserver.com, Pleased to meet you.
MAIL FROM: <GHaF(_at_)[filename /home/admin/domains.txt]>
552 malformed non-null return path: <GHaF(_at_)[filename
I honestly didn't see the specs allows for a string element in a bracketed
domain literal. In this example, it is bad syntax, but I can see how this
can present issues.
Fortunately, at least Sendmail allows retrying with a less-weird EHLO, so
there's a way for future systems to drop back. Unless of course some
out there gets annoyed at seeing a second EHLO instead of a HELO
Isn't backward-combatability fun?
I have seen this myself, but what I have seen is "spammers" reissuing 2-3
HELO commands when presended with a:
"55x illegal/invalid helo/ehlo syntax/domain
A few months ago, I added an option to check for HELO/EHLO syntax checking
which essentially addresses local domain spoofing, spoofed domain literals
and illegal (non-bracketed) domain literals.
Example: Connection IP: X.Y.Z.W
if yourdomain.com is yours, it is checked again the connection ip address
using the proposed IETF draft DMP specification.
A.B.C.D must be equal to X.Y.Z.W
illegal syntax - no brackets (AllowNoBrackets option provided)
helo domain string
illegal syntax - illegal character or white space found.
In 3 months worth of statistics, on average 15% of sessions will be blocked
because of the above. Some systems will reissue 2-3 helo commands:
C: helo [A.B.C.D]
S: 501 invalid HELO address (because it doesn't match the connect ip)
C: helo A.B.C.D
S: 501 invalid HELO address (because of no brackets)
Hector Santos, Santronics Software, Inc.