Re: Why keep people thinking HELO checks provide a loophole?

2004-02-25 02:01:52
On Wed, 2004-02-25 at 00:01 +0000, Mark wrote:
> Why keep people thinking HELO checks provide a loophole?
>
>     HELO asarian-host.net
>     250-asarian-host.net Hello faker.com [1.2.3.4], pleased to meet you
>     MAIL FROM: <>
>
> Now, why on God's green earth would this present a security hole?

It doesn't present a security hole. What it _does_ do, however, is
provoke clueless users into complaining to/about
postmaster(_at_)asarian-host(_dot_)net when they see the HELO arguments in
Received: headers; especially if they appear there with only an IP
address because the connecting host had no reverse DNS.

That's worth avoiding, surely?

It's safe, too. I'm perfectly justified in saying that no host out there
shall identify itself with 'HELO infradead.org' or 'HELO
*.infradead.org' except mine. I'd be interested in a way to declare that
for _any_ HELO argument inside infradead.org, you should accept _only_
if there's an A or AAAA record which points back to the connecting host.

This would _have_ to be possible without _any_ chance that people will
do the same checks for MAIL FROM:<> addresses. Until the whole world has
implemented some non-broken form of SRS, of course I cannot justify to
my users the publication of SPF records which would prevent them from
sending their mail to people with .forward files.

-- 
dwmw2
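The HELO-only policy described in the message above, written out as an added example (not the poster's own code): a host that names itself inside a protected domain is accepted only if an A or AAAA record for that name points back at the connecting address, every other HELO is left alone, and the check is deliberately never applied to MAIL FROM. The resolver function and the DNS records are constructed stand-ins so the example runs offline.

```python
import ipaddress
from typing import Callable, Iterable

# Stand-in for DNS: hostname -> A/AAAA addresses. Constructed sample data,
# not real infradead.org records.
SAMPLE_DNS = {
    "infradead.org": ["192.0.2.10"],
    "mx.infradead.org": ["192.0.2.10", "2001:db8::10"],
}

Resolver = Callable[[str], Iterable[str]]


def sample_resolver(name: str) -> Iterable[str]:
    """Return the constructed A/AAAA records for name (empty if none)."""
    return SAMPLE_DNS.get(name, [])


def in_domain(name: str, domain: str) -> bool:
    """True if name is domain itself or a subdomain of it (not 'notinfradead.org')."""
    return name == domain or name.endswith("." + domain)


def helo_check(helo: str, connecting_ip: str, protected_domain: str,
               resolve: Resolver = sample_resolver) -> str:
    """Evaluate only the HELO/EHLO argument of a session.

    'accept'  - HELO is inside protected_domain and resolves to connecting_ip
    'reject'  - HELO is inside protected_domain but does not resolve to it
    'neutral' - HELO is outside protected_domain; no policy is asserted
    """
    name = helo.strip().lower().rstrip(".")
    domain = protected_domain.lower().rstrip(".")
    if not in_domain(name, domain):
        return "neutral"
    peer = ipaddress.ip_address(connecting_ip)
    # Accept only if some A/AAAA record for the claimed name is the peer.
    addrs = {ipaddress.ip_address(a) for a in resolve(name)}
    return "accept" if peer in addrs else "reject"


def mail_from_check(mail_from: str) -> str:
    """MAIL FROM (including the empty bounce sender <>) is never subject to
    the HELO policy; forwarded and bounced mail must keep working."""
    return "neutral"
```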