On 12/21/2019 5:50 PM, Keith Moore wrote:
On 12/21/19 5:28 PM, Paul Smith wrote:
There's always a hostname. It defaults to the return value of gethostname().
And if that contains no dots, and "mydomain" is not set, then the domain
defaults to "localdomain". So worst case you get "shortname.localdomain".
I expect that there are a lot of MTAs advertising EHLO
raspberry.localdomain or debian.localdomain or some such.
I did a grep in December logs; I see 4 instances, all
failed/rejected with 550. The last traced session was on the 22nd:
**************************************************************************
Wildcat! ESMTP Server v8.0.454.9
SMTP log started at Sun, 22 Dec 2019 07:18:48
Connection Time: 20191222 07:18:48 cid: 0000A55B tid: 00001488
SSL-Enabled=YES No-Quit-Cancel=OFF Receiver-Bin=ON
Client IP: 206.81.8.171:36566 (unknown) Host IP: 76.245.57.69:25
07:18:48.959 ** WCX Process: smtpcmd-connect ret: -1
07:18:48.960 S: 220-winserver.com Wildcat! ESMTP Server v8.0.454.9 ready
07:18:48.960 S: 220-************** WARNING: FOR AUTHORIZED USE ONLY! **********************
07:18:48.960 S: 220-* THIS SYSTEM DO NOT AUTHORIZE THE USE OF ITS PROPRIETARY COMPUTERS *
07:18:48.960 S: 220-* AND COMPUTER NETWORKS TO ACCEPT, TRANSMIT, OR DISTRIBUTE UNSOLICITED *
07:18:48.960 S: 220-* BULK E-MAIL SENT FROM THE INTERNET. THIS SYSTEM WILL RESTRICT ACCESS *
07:18:48.960 S: 220-* TO CAN-SPAM (US S. 877) COMPLIANT CLIENTS ONLY. *
07:18:48.960 S: 220 ************************************************************************
07:18:49.047 C: EHLO varon.localdomain
07:18:49.053 ** WCX Process: smtpcmd-check-ehlo ret: -1
07:18:49.053 S: 250-winserver.com, Pleased to meet you.
07:18:49.053 S: 250-SIZE 102400000
07:18:49.053 S: 250-8BITMIME
07:18:49.053 S: 250-SUBMITTER
07:18:49.054 S: 250-ETRN
07:18:49.054 S: 250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN PLAIN-MD5 SHA-1
07:18:49.054 S: 250-AUTH=LOGIN
07:18:49.054 S: 250-HELP
07:18:49.054 S: 250 STARTTLS
07:18:49.181 C: MAIL FROM:<alessandro(_dot_)zollo(_at_)i-csr(_dot_)it> SIZE=1926
07:18:49.193 S: 250 <alessandro(_dot_)zollo(_at_)i-csr(_dot_)it>... Sender validation pending. Continue.
07:18:49.237 C: RCPT TO:<hsantos(_at_)santronics(_dot_)com>
07:18:49.378 ** WCX Process: wcsap ret: 550 (140 msecs) (Rejected by WCSAP RBL Host bl.spamcop.net)
07:18:49.378 S: 550 Return Path not verifiable.
07:18:49.423 C: RSET
07:18:49.423 S: 250 Reset State #1
07:18:49.466 C: QUIT
07:18:49.466 S: 221 closing connection
07:18:49.466 ** Completed. Elapsed Time: 531 msecs
IP Rejected by spamcop.net.
I suspect when I put my logs through a Deep NN engine, it's going to tell
me '*.localdomain' usages are mostly bad and I can save 1/2 second by
instantly rejecting the .localdomain usage and it will probably be
Pareto (>79%) accurate.
Seen in that light, the IETF operators' filtering policy is looking
less valid all the time.
+1.
Especially when no validity check is done on the non-ip-literal input.
Was the original intent just to describe the machine identifier with
no validation necessary?
Also EHLO was used for a capabilities "Link Establishment" like
phrase. We probably should not lump the machine identifier with a
capabilities negotiation concept.
Mostly joking, a new ESMTP command "CAPA" that can replace EHLO?
--
HLS
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
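
The '*.localdomain' question raised in the message above can be measured directly from session logs before any reject rule is written. The following is an added example, not part of the original message and not Wildcat! code: it tallies, per form of EHLO argument, how many sessions drew a 5xx reply. It assumes the log layout quoted above, with sessions delimited by `Connection Time:` lines; the sample sessions and all function names are constructed for illustration.

```python
import re
# Constructed sample sessions in the log layout quoted above (not real traffic).
SAMPLE_LOG = """\
Connection Time: 20191222 07:18:48 cid: 00000001
07:18:49.047 C: ehlo Debian.LocalDomain.
07:18:49.378 S: 550 Return Path not verifiable.
Connection Time: 20191222 08:02:10 cid: 00000002
08:02:10.100 C: EHLO mail.example.org
08:02:10.350 S: 250 OK
Connection Time: 20191222 09:15:00 cid: 00000003
09:15:00.100 C: EHLO raspberry.localdomain
09:15:00.350 S: 250 OK
"""
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ ([CS]): (.*)$")

def classify(name):
    """Bucket an EHLO argument by its form only; no DNS lookup is done."""
    n = name.lower().rstrip(".")
    if n.startswith("["):
        return "ip-literal"
    if n == "localdomain" or n.endswith(".localdomain"):
        return "localdomain"
    return "fqdn" if "." in n else "no-dots"

def parse_sessions(text):
    """Return [ehlo_name, rejected] per session; rejected = any 5xx reply seen."""
    sessions = []
    for line in text.splitlines():
        if line.startswith("Connection Time:"):
            sessions.append([None, False])
        m = LINE.match(line)
        if m and sessions:
            side, rest = m.groups()
            if side == "C" and rest[:5].upper() in ("EHLO ", "HELO "):
                sessions[-1][0] = rest[5:].strip()
            elif side == "S" and re.match(r"5\d\d", rest):
                sessions[-1][1] = True
    return [s for s in sessions if s[0]]

def rejection_rates(text):
    """Map EHLO class -> (rejected, total): the numbers needed to judge the rule."""
    tally = {}
    for name, was_rejected in parse_sessions(text):
        rej, tot = tally.get(classify(name), (0, 0))
        tally[classify(name)] = (rej + was_rejected, tot + 1)
    return tally

if __name__ == "__main__":
    print(rejection_rates(SAMPLE_LOG))
```

The accepted `raspberry.localdomain` session in the sample is the case an instant-reject rule would get wrong, which is why the tally keeps totals alongside rejections.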