ietf-smtp
[Top] [All Lists]

Strict RFC x821 Compliance: HELO/EHLO

2005-07-02 13:00:57

From: <Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu>

Wonderful!  Its worry about a space, but it doesn't
protect its own local domains! <g>

What can I say? Claus is a standards-conforming
kind of guy :)

Well, it also doesn't check for brackets syntax :-)

220 zardoc.esmtp.org ESMTP sendmail X.0.0.Alpha4.0
helo 65.10.44.25
250 zardoc.esmtp.org Hi there

No big deal. :-)

In what sense is the handling of the HELO parameter
failing to "protect" the domain?

Because protection of your OWN domains has 100% trust behind it.

If you are going to have a strict syntax for the minor space issue on the
MAIL command which has no SMTP level correlation as a malicious sender, then
the HELO domain literal syntax RFC requirement which does have a strong SMTP
level correlation as a malicious sender (when checking for local domain/ip
spoofing) should be applied.

Like I said, no big deal.  :-)

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com






<Prev in Thread] Current Thread [Next in Thread>