Hi !!
Please see RFC 2821 section 4.1.1.1 and RFC 1123 section 5.2.5
I have. You fail to consider multi homed hosts.
The primary name of a box is "hosta.example.tld" with address 192.168.1.1
The address of the interface connecting to you is address 192.168.2.1 and
this resolves to "hosta.otherexample.tld" (and back).
This host MUST use "hosta.example.tld" in HELO.
that's exactly what i would expect, the helo should match the ip
address.
It cannot use its domain literal in this case, since its name is known.
Using the domain literal is a workaround in case of problems.
although domain literals are allowed i will prefer if they are
forbidden or deprecated by a new rfc.
RFC2821 allows rejection for various reasons. The only thing it
specifically forbids is you MUST NOT reject purely on the fact that
ptr(connecting ip address) != HELO.
yes, i would be also happy to see a new rfc that not only recommends
this check but also recommends rejecting anything coming from a
client when the helo does not match the ip address (unless another
kind of authentication or authorization has succeeded for the connection)
--
Best regards ...
It's a fine line between fishing & standing still
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david(_at_)ols(_dot_)es
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------
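
Added example, not part of the original message: the HELO-versus-connecting-address comparison discussed in this thread, run against constructed DNS data for the multi-homed host described above. The function names, verdict labels and the flag-instead-of-reject policy are assumptions made for illustration.

```python
import ipaddress

# Constructed DNS data modelling the multi-homed host from the thread.
A_RECORDS = {
    "hosta.example.tld": ["192.168.1.1"],
    "hosta.otherexample.tld": ["192.168.2.1"],
}
PTR_RECORDS = {
    "192.168.1.1": "hosta.example.tld",
    "192.168.2.1": "hosta.otherexample.tld",
}

def classify_helo(helo, client_ip, a=A_RECORDS, ptr=PTR_RECORDS):
    """Compare the HELO argument with the address the client connected from."""
    helo = helo.strip().rstrip(".").lower()
    if helo.startswith("[") and helo.endswith("]"):
        body = helo[1:-1]
        if body.startswith("ipv6:"):        # SMTP tags IPv6 literals
            body = body[len("ipv6:"):]
        try:
            literal = ipaddress.ip_address(body)
        except ValueError:
            return "bad-literal"
        same = literal == ipaddress.ip_address(client_ip)
        return "literal-match" if same else "literal-mismatch"
    if ptr.get(client_ip, "").lower() == helo:
        return "ptr-match"                  # ptr(connecting ip) == HELO
    if client_ip in a.get(helo, []):
        return "forward-match"              # HELO name resolves to the client
    if helo in a:
        return "resolves-elsewhere"         # valid name, other interface
    return "unresolvable"

def decide(verdict, authenticated=False):
    """Hypothetical policy: a mismatch alone is flagged, not rejected."""
    if authenticated or verdict in ("literal-match", "ptr-match", "forward-match"):
        return "accept"
    if verdict == "bad-literal":
        return "reject-syntax"              # malformed argument, not a mismatch
    return "accept-and-flag"                # feed into scoring or logging

if __name__ == "__main__":
    # Primary name sent over the second interface, as in the thread.
    v = classify_helo("hosta.example.tld", "192.168.2.1")
    print(v, "->", decide(v))
```

The multi-homed case lands in `resolves-elsewhere`: the name is real and belongs to the host, but neither the PTR lookup nor the forward lookup ties it to the connecting interface, which is the situation the two sides of the thread disagree on.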