On Fri, 9 Sep 2005, Alex van den Bogaerdt wrote:
> On Fri, Sep 09, 2005 at 02:02:21AM +0100, Tony Finch wrote:
> > > - top priority, crap like "helo xyzzy" or "ehlo oemcomputer"
> > >   is acceptable for an MSA (after SMTP AUTH or similar), but
> > >   not from unknown strangers. It's _wrong_ for (2)821(bis).
> > >   "We" (I hope) want to harden both "hellos", among others.
> >
> > At the moment this is an operational problem, not a protocol problem. The
> > standard, backed up by decades of practice, is too weak for an MTA to
> > treat the EHLO hostname with any strictness.
>
> I beg to differ.

You can try strict EHLO hostname verification if you like, but you will
find that about 1/3 of legitimate MTAs have misconfigured host names or
DNS. Widespread failure to conform to the standard is an operational
problem caused by the following text in RFC 1123:

    The HELO receiver MAY verify that the HELO parameter really
    corresponds to the IP address of the sender. However, the
    receiver MUST NOT refuse to accept a message, even if the
    sender's HELO command fails verification.

Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR
GOOD.
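
An added example, not part of the original message or of any MTA's code: a receiver-side HELO/EHLO check that verifies the argument but only logs a failure, as the RFC 1123 text quoted above requires, and skips the check for authenticated submission. The function names, verdict strings and the SAMPLE_DNS table are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed forward-DNS data (documentation address ranges) so this runs offline.
SAMPLE_DNS = {
    "mail.example.org": {"192.0.2.10"},
    "mx.example.net": {"198.51.100.7"},
}
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def classify_helo(arg):
    """Return (kind, literal_ip) for a HELO/EHLO argument."""
    if arg.startswith("[") and arg.endswith("]"):
        text = arg[1:-1]
        if text.lower().startswith("ipv6:"):
            text = text[5:]
        try:
            return "address-literal", ipaddress.ip_address(text)
        except ValueError:
            return "malformed", None
    labels = arg.rstrip(".").split(".")
    if not all(LABEL.match(label) for label in labels):
        return "malformed", None
    return ("fqdn" if len(labels) > 1 else "bare-name"), None


def check_helo(arg, peer_ip, authenticated=False, resolve=SAMPLE_DNS.get):
    """Return (verdict, action); action is never a rejection.

    Hypothetical policy: a failed check is logged for scoring only, because
    the RFC 1123 text quoted above forbids refusing mail on HELO failure.
    peer_ip is the connecting address in canonical string form.
    """
    if authenticated:  # MSA case: the client already proved who it is
        return "skipped-authenticated", "accept"
    kind, literal = classify_helo(arg)
    if kind == "address-literal":
        same = literal == ipaddress.ip_address(peer_ip)
        verdict = "verified" if same else "literal-mismatch"
    elif kind == "fqdn":
        addrs = resolve(arg.rstrip(".").lower()) or set()
        if not addrs:
            verdict = "no-dns"
        else:
            verdict = "verified" if peer_ip in addrs else "dns-mismatch"
    else:
        verdict = kind  # "bare-name" or "malformed"
    return verdict, "accept" if verdict == "verified" else "accept-and-log"
```

In a real receiver the resolve argument would be a DNS lookup returning the A/AAAA records for the name; the verdict is meant to feed logging or scoring, not the SMTP reply code.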