ietf-smtp

Re: RFC2821, section 4.1.1.1 and HELO/EHLO

2004-01-02 17:23:09


----- Original Message ----- 
From: <Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu>
To: "John C Klensin" <john(_at_)jck(_dot_)com>
Cc: "B. Johannessen" <bob(_at_)db(_dot_)org>; <ietf-smtp(_at_)imc(_dot_)org>
Sent: Friday, January 02, 2004 6:14 PM
Subject: Re: RFC2821, section 4.1.1.1 and HELO/EHLO

A separate issue comes to mind - a number of systems reject the
format mentioned in 4.1.1.1.  In particular, Sendmail 8.12.4 included
this change:

        If AllowBogusHELO is set to false (default) then also complain if
                the argument to HELO/EHLO contains white space.  Suggested
                by Seva Gluschenko of Cronyx Plus.

(Which incidentally was how I opened this can of worms to begin with).

Ahhhhhh, good point.  Ironically, I just added this optional SPACE check
myself last month to our beta ware, based on seeing it in some captured
logs.  Example:

HELO [filename /home/admin/domains.txt]
250 winserver.com, Pleased to meet you.
MAIL FROM: <GHaF(_at_)[filename /home/admin/domains.txt]>
552 malformed non-null return path: <GHaF(_at_)[filename

I honestly didn't see that the specs allow for a string element in a bracketed
domain literal.  In this example, it is bad syntax, but I can see how this
can present issues.

Fortunately, at least Sendmail allows retrying with a less-weird EHLO, so
there's a way for future systems to drop back.  Unless of course some
system out there gets annoyed at seeing a second EHLO instead of a HELO
drop-back.
Isn't backward-combatability fun?

I have seen this myself, but what I have seen is "spammers" reissuing 2-3
HELO commands when presented with a:

                "55x illegal/invalid helo/ehlo syntax/domain"

A few months ago, I added an option for HELO/EHLO syntax checking,
which essentially addresses local domain spoofing, spoofed domain literals
and illegal (non-bracketed) domain literals.

Example:  Connection IP:  X.Y.Z.W

           helo   [xxx.]yourdomain.com

If yourdomain.com is yours, it is checked against the connection IP address
using the proposed IETF draft DMP specification.

          helo [A.B.C.D]

A.B.C.D  must be equal to X.Y.Z.W

          helo A.B.C.D

illegal syntax - no brackets (AllowNoBrackets option provided)

          helo domain string

illegal syntax - illegal character or white space found.

In 3 months' worth of statistics, on average 15% of sessions are blocked
because of the above.  Some systems will reissue 2-3 HELO commands:

    C:  helo [A.B.C.D]
    S:  501 invalid HELO address  (because it doesn't match the connect ip)
    C:  helo A.B.C.D
    S:  501 invalid HELO address   (because of no brackets)

-- 
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
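The four HELO/EHLO checks Hector describes (white space or illegal characters, a bracketed literal that must equal the connecting address, a bare IP with no brackets gated by an AllowNoBrackets option, and a name under a local domain announced from a foreign address), as an added example in Python that is not Santronics' or Sendmail's code. Assumptions: the LOCAL_DOMAINS table stands in for the DNS-based DMP lookup the post mentions; the addresses are documentation ranges; the option names AllowNoBrackets and AllowBogusHELO mirror the ones named in the thread; and the retry transcript is constructed, not a captured log.

```python
import ipaddress
import re

# One DNS label as RFC 2821 sub-domain syntax allows: letters, digits,
# hyphens, no leading or trailing hyphen, at most 63 characters.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Assumption: this table stands in for the DMP/DNS lookup referred to in
# the post. It maps each local domain to the networks that may announce it.
LOCAL_DOMAINS = {
    "yourdomain.com": [ipaddress.ip_network("192.0.2.0/24")],
}


def _parse_literal(text):
    """Parse '1.2.3.4' or 'IPv6:2001:db8::1'; return None when malformed."""
    if text[:5].lower() == "ipv6:":
        text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def check_helo(arg, connect_ip, local_domains=LOCAL_DOMAINS,
               allow_no_brackets=False, allow_bogus_helo=False):
    """Return (smtp_code, reason) for one HELO/EHLO argument seen from connect_ip."""
    peer = ipaddress.ip_address(connect_ip)

    # 1. White space or non-printable/non-ASCII bytes (what Sendmail rejects
    #    when AllowBogusHELO is false).
    if (not arg or not arg.isascii() or not arg.isprintable()
            or any(c.isspace() for c in arg)):
        if allow_bogus_helo:
            return 250, "accepted (AllowBogusHELO)"
        return 501, "invalid HELO syntax: illegal character or white space"

    # 2. Bracketed address literal: it must name the connecting address.
    if arg[0] == "[" and arg[-1] == "]":
        literal = _parse_literal(arg[1:-1])
        if literal is None:
            return 501, "invalid HELO address literal"
        if literal != peer:
            return 501, "invalid HELO address: literal does not match connection IP"
        return 250, "ok"

    # 3. Bare IP address without brackets: illegal syntax unless AllowNoBrackets.
    bare = _parse_literal(arg)
    if bare is not None:
        if not allow_no_brackets:
            return 501, "invalid HELO address: address literal requires brackets"
        if bare != peer:
            return 501, "invalid HELO address: literal does not match connection IP"
        return 250, "ok (AllowNoBrackets)"

    # 4. Domain name: every label must be well formed.
    labels = arg.lower().split(".")
    if not all(LABEL_RE.match(label) for label in labels):
        return 501, "invalid HELO domain syntax"

    # 5. Local domain spoofing: a name at or under one of our domains must
    #    arrive from a network authorized for that domain.
    name = ".".join(labels)
    for domain, networks in local_domains.items():
        if name == domain or name.endswith("." + domain):
            if any(peer in net for net in networks):
                return 250, "ok"
            return 501, "invalid HELO domain: local domain announced from foreign address"
    return 250, "ok"


def run_session(helo_args, connect_ip, **options):
    """Replay a client's successive HELO attempts; return the codes the server would send."""
    return [check_helo(arg, connect_ip, **options)[0] for arg in helo_args]


if __name__ == "__main__":
    # Constructed sample session from a foreign address: a literal that does
    # not match, then the same address without brackets, then a local name.
    for arg in ["[192.0.2.50]", "192.0.2.50", "mail.yourdomain.com", "[198.51.100.7]"]:
        code, why = check_helo(arg, "198.51.100.7")
        print(f"C: helo {arg}\nS: {code} {why}")
```

The order of the checks matters: the white-space test runs before the bracket test so that an argument like `[filename /home/admin/domains.txt]` is refused as malformed rather than being parsed as an address literal, which is the case the captured log above shows.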