spf-discuss

Re: Fw: Received your email

2004-08-23 13:21:53
Alan Hodgson wrote:

On Mon, Aug 23, 2004 at 01:00:01PM -0600,
administrator(_at_)yellowhead(_dot_)com wrote:

You might want to re-examine the criteria you are using, as there is
nothing non-standard about the way our server is configured. The
EHLO our sendmailNT server uses by default is the physical server
name <SERVER3>,

.... RFC 2821 says:

4.1.1.1  Extended HELLO (EHLO) or HELLO (HELO)

   These commands are used to identify the SMTP client to the SMTP
   server.  The argument field contains the fully-qualified domain
   name of the SMTP client if one is available.  In situations in
   which the SMTP client system does not have a meaningful domain
   name (e.g., when its address is dynamically allocated and no
   reverse mapping record is available), the client SHOULD send
   an address literal (see section 4.1.3), optionally followed by
   information that will help to identify the client system.

<SERVER3> appears to be neither a fully-qualified domain name nor
an address literal. Many sites will block a non-FQDN HELO outright.
Most clients issuing a default Windows system name for a HELO are
viruses, in my experience. Blocking on invalid HELOs is one of my
system's most valuable blocks.

Blocking on invalid HELOs has proven an incredibly effective anti-spam
measure. All those Windoze-based zombies that connect with "HELO zxcfewr" or
something go right out the door (my own users, either SASL- or DRAC-
authenticated, bypass the check). <SERVER3> is indeed no FQDN, nor an
address literal.

This is one of those areas where the cost/benefit analysis fell out in favor
of blocking, simply because it is extremely rare for a legitimate server to
connect with a HELO name that does not match the required criteria (whether
they are always sending the correct HELO string is quite another matter, of
course). Sendmail will indeed use the physical server name for HELO (unless
you hard-patch in another name in srvrsmtp.c, of course).

J.A. (James?), I have whitelisted 207.34.104.5 (mail.yellowhead.com), so the
problem should be gone. Sorry for the inconvenience. I must admit that my
Windoze server knowledge is minimal (or below minimal, even). But if I were
you, I would probably think about changing the physical server name, if that
is feasible at all (or hard-code a different HELO name), because it
surprises me that this hasn't given you trouble before.

Cheers,

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
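As an added illustration of the HELO check discussed in this thread (example code, not Mark's or Asarian-host's actual configuration), the Python below classifies a HELO/EHLO argument per RFC 2821 section 4.1.1.1 and applies the same policy: reject an invalid HELO unless the client is authenticated or whitelisted. The whitelist entry mirrors the one mentioned above; the 192.0.2.x client address is a constructed sample.

```python
import ipaddress
import re

# RFC 2821 s4.1.1.1: the HELO/EHLO argument must be a fully-qualified domain
# name or an address literal such as [207.34.104.5] or [IPv6:2001:db8::1].
# Hostname labels: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Constructed whitelist mirroring the fix in the thread: the yellowhead server
# is exempted by IP, so its non-FQDN HELO no longer triggers a rejection.
HELO_WHITELIST = {"207.34.104.5"}


def classify_helo(arg: str) -> str:
    """Return 'fqdn', 'literal' or 'invalid' for a HELO/EHLO argument."""
    arg = arg.strip()
    if arg.startswith("[") and arg.endswith("]"):
        inner = arg[1:-1]
        try:
            if inner.startswith("IPv6:"):
                ipaddress.IPv6Address(inner[5:])
            else:
                ipaddress.IPv4Address(inner)
            return "literal"
        except ValueError:
            return "invalid"
    # A bare machine name with no dot (SERVER3, zxcfewr) is not fully qualified,
    # and an unbracketed dotted quad is neither an FQDN nor an address literal.
    labels = arg.rstrip(".").split(".")
    if len(labels) < 2 or len(arg) > 255 or labels[-1].isdigit():
        return "invalid"
    if all(_LABEL.match(lbl) for lbl in labels):
        return "fqdn"
    return "invalid"


def should_reject(helo: str, client_ip: str, authenticated: bool = False) -> bool:
    """Policy from the thread: block invalid HELOs, but let authenticated
    (SASL/DRAC) users and whitelisted client IPs through unchecked."""
    if authenticated or client_ip in HELO_WHITELIST:
        return False
    return classify_helo(helo) == "invalid"


if __name__ == "__main__":
    for helo, ip in [("SERVER3", "207.34.104.5"), ("SERVER3", "192.0.2.10"),
                     ("zxcfewr", "192.0.2.10"), ("mail.yellowhead.com", "192.0.2.10")]:
        print(f"{helo:22} from {ip:14} -> {classify_helo(helo):8} "
              f"reject={should_reject(helo, ip)}")
```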