----- Original Message -----
From: <Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu>
To: "John C Klensin" <john(_at_)jck(_dot_)com>
Cc: "B. Johannessen" <bob(_at_)db(_dot_)org>; <ietf-smtp(_at_)imc(_dot_)org>
Sent: Friday, January 02, 2004 6:14 PM
Subject: Re: RFC2821, section 4.1.1.1 and HELO/EHLO
A separate issue comes to mind - a number of systems reject the
format mentioned in 4.1.1.1. In particular, Sendmail 8.12.4 included
this change:
If AllowBogusHELO is set to false (default) then also complain if
the argument to HELO/EHLO contains white space. Suggested
by Seva Gluschenko of Cronyx Plus.
(Which incidentally was how I opened this can of worms to begin with).
Ahhhhhh, good point. Ironically, I just added this optional SPACE check
ourselves last month to our beta ware based on seeing it in some captured
logs. Example:
HELO [filename /home/admin/domains.txt]
250 winserver.com, Pleased to meet you.
MAIL FROM: <GHaF@[filename /home/admin/domains.txt]>
552 malformed non-null return path: <GHaF@[filename
I honestly didn't see that the specs allow for a string element in a bracketed
domain literal. In this example, it is bad syntax, but I can see how this
can present issues.
Fortunately, at least Sendmail allows retrying with a less-weird EHLO, so
there's a way for future systems to drop back. Unless of course some system
out there gets annoyed at seeing a second EHLO instead of a HELO drop-back.
Isn't backward-combatability fun?
I have seen this myself, but what I have seen is "spammers" reissuing 2-3
HELO commands when presented with a:
"55x illegal/invalid helo/ehlo syntax/domain"
A few months ago, I added an option to check for HELO/EHLO syntax checking
which essentially addresses local domain spoofing, spoofed domain literals
and illegal (non-bracketed) domain literals.
Example: Connection IP: X.Y.Z.W
helo [xxx.]yourdomain.com
if yourdomain.com is yours, it is checked against the connection ip address
using the proposed IETF draft DMP specification.
helo [A.B.C.D]
A.B.C.D must be equal to X.Y.Z.W
helo A.B.C.D
illegal syntax - no brackets (AllowNoBrackets option provided)
helo domain string
illegal syntax - illegal character or white space found.
In 3 months' worth of statistics, on average 15% of sessions will be blocked
because of the above. Some systems will reissue 2-3 helo commands:
C: helo [A.B.C.D]
S: 501 invalid HELO address (because it doesn't match the connect ip)
C: helo A.B.C.D
S: 501 invalid HELO address (because of no brackets)
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
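
The HELO/EHLO argument checks listed in the message above, as an added Python sketch that is not part of the original post and is not Santronics' or Sendmail's code. The function name, reason strings and the `local_domains` table are assumptions; the table is a static stand-in for the DMP lookup the post mentions, and `allow_no_brackets` mirrors the AllowNoBrackets option named there.

```python
import ipaddress
import re

# One DNS label: letters, digits, interior hyphens only.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?\Z")

def check_helo(arg, peer_ip, local_domains=None, allow_no_brackets=False):
    """Return (accepted, reason) for a HELO/EHLO argument.

    local_domains maps each of our own domains to the IPs allowed to claim
    it (assumption: a static stand-in for the DMP lookup named in the post).
    """
    peer = ipaddress.ip_address(peer_ip)
    local_domains = local_domains or {}
    # "helo domain string": any white space is rejected outright.
    if not arg or any(ch.isspace() for ch in arg):
        return False, "white space in argument"
    bracketed = arg.startswith("[") and arg.endswith("]")
    if not bracketed and ("[" in arg or "]" in arg):
        return False, "illegal character"
    literal = arg[1:-1] if bracketed else arg
    if bracketed and literal.lower().startswith("ipv6:"):
        literal = literal[5:]
    try:
        claimed = ipaddress.ip_address(literal)
    except ValueError:
        claimed = None
    if bracketed or claimed is not None:
        if claimed is None:
            return False, "malformed address literal"
        # "helo A.B.C.D": an address without brackets is illegal by default.
        if not bracketed and not allow_no_brackets:
            return False, "address literal without brackets"
        # "helo [A.B.C.D]": the literal must equal the connecting address.
        if claimed != peer:
            return False, "address literal does not match connection IP"
        return True, "ok"
    name = arg.rstrip(".").lower()
    if not all(_LABEL.match(label) for label in name.split(".")):
        return False, "illegal character"
    # "helo [xxx.]yourdomain.com": our own name needs an authorized source IP.
    for domain, allowed in local_domains.items():
        if name == domain or name.endswith("." + domain):
            if peer not in {ipaddress.ip_address(a) for a in allowed}:
                return False, "local domain claimed by unauthorized IP"
    return True, "ok"
```

The bracketed string from the captured log above fails the first check, before any address parsing is attempted.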