On Mon, 2004-08-23 at 20:57 +0000, Mark wrote:
> I do not test for the HELO to resolve (what would be the point anyway? HELO
> is too forgeable to begin with). In fact, my check is pretty lax: I just
> check for a "." in the name (which covers the FQDN and address literal). The
> point of the exercise is not to check whether the HELO is good, but whether
> it is definitely bad.

Checking for a dot doesn't cover perfectly legitimate literals like
this:
EHLO [IPv6:2002:c1ed:8229:10:2c0:f0ff:fe31:e18]
Even if you don't listen on an IPv6 address (and why not? IPv6 is
trivial with 6to4 -- all hosts with a public IPv4 address automatically
get 2^80 IPv6 addresses to play with), you may get connections via
ipv6-to-ipv4 application-level address translation gateways. Although
admittedly that isn't likely.
--
dwmw2
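
As an added example (not part of the original message), a Python sketch that contrasts the dot test with a check that parses the HELO/EHLO argument as a domain name or bracketed address literal. The function names and every sample except the IPv6 literal quoted above are constructed, and treating single-label names and bare dotted quads as "definitely bad" is an assumption.

```python
import ipaddress
import re

# One DNS label: letters, digits, inner hyphens, at most 63 characters.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def dot_check(arg: str) -> bool:
    """The lax test from the quoted message: any '.' in the name passes."""
    return "." in arg


def classify_helo(arg: str) -> str:
    """Return 'fqdn', 'ipv4-literal', 'ipv6-literal' or 'bad'."""
    if arg.startswith("[") and arg.endswith("]"):
        inner = arg[1:-1]
        try:
            if inner[:5].lower() == "ipv6:":
                if "%" in inner:  # zone ids do not belong in a literal
                    return "bad"
                ipaddress.IPv6Address(inner[5:])
                return "ipv6-literal"
            ipaddress.IPv4Address(inner)
            return "ipv4-literal"
        except ValueError:
            return "bad"
    labels = arg.split(".")
    # Assumption: single-label names and bare dotted quads (numeric last
    # label, no brackets) count as "definitely bad".
    if len(arg) > 255 or len(labels) < 2 or labels[-1].isdigit():
        return "bad"
    return "fqdn" if all(_LABEL.match(label) for label in labels) else "bad"


# Constructed samples, except the IPv6 literal quoted in the message above.
SAMPLES = [
    "[IPv6:2002:c1ed:8229:10:2c0:f0ff:fe31:e18]",
    "[192.0.2.25]",
    "mail.example.org",
    "localhost",
    "192.0.2.25",
    "[IPv6:not.an.address]",
]


def compare(samples=SAMPLES):
    """Return (argument, dot test result, parsed classification) per sample."""
    return [(s, dot_check(s), classify_helo(s)) for s in samples]
```

The first sample fails the dot test yet parses as a valid literal, while the last passes the dot test and is malformed.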