Re: SPF HELO checking

--"Stuart D. Gathman" <stuart(_at_)bmsi(_dot_)com> wrote:

On Mon, 13 Dec 2004, Alex van den Bogaerdt wrote:

RFC2821 allows rejection for various reasons.  The only thing it
specifically forbids is you MUST NOT reject purely on the fact that
ptr(connecting ip address) != HELO.


Of course.  But what about rejecting when
a(HELO name) != connecting ip address ?

Technically it's possible for the host to be coming to you via an IP thatit doesn't even know as belonging to it (like a mail server behind a NATthat has an internal IP and shares the firewall IP for outside access).

If they *really* want to do that, they could get around it by programmingthe mail server to HELO with the outside IP.

Personally, I see no reason to accept mail from a mail server that usesHELO [ip]... I think the reasons for that were mostly historical and arepretty much gone today. But that's a local policy decision and not an rfcreason.


gregc
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Re: SPF HELO checking, (continued) Re: Re: SPF HELO checking, Hector Santos Re: SPF HELO checking, David RE: SPF HELO checking, Brian Barrios Re: SPF HELO checking, David Re: SPF HELO checking, Alex van den Bogaerdt Re: SPF HELO checking, David Re: SPF HELO checking, Alex van den Bogaerdt Re: SPF HELO checking, Alex van den Bogaerdt Re: SPF HELO checking, David Re: SPF HELO checking, Stuart D. Gathman Re: SPF HELO checking, Greg Connor <= Re: SPF HELO checking, Hector Santos Re: SPF HELO checking, Alex van den Bogaerdt Re: SPF HELO checking, David Re: SPF HELO checking, Alex van den Bogaerdt Re: SPF HELO checking, David Message not available Re: SPF HELO checking, David Re: SPF HELO checking, wayne RE: SPF HELO checking, Brian Barrios Re: SPF HELO checking, David Re: SPF HELO checking, David