spf-discuss

Re: HELO versus MAILFROM results

2005-05-04 07:05:52
On Wed, May 04, 2005 at 09:23:09AM -0400, Radu Hociung wrote:

> I would suggest that checking HELO with SPF is misguided at best.
>
> The HELO name is not required by any RFC to be a domain name.
> localhost.localdomain is a perfectly legal HELO name. So are many others
> that are not domain names, and thus the results of a DNS lookup on them
> would be *undefined*

Is this the real Radu or is this a troll imposing Radu?

Some quotes from RFC2821:
   the command may be interpreted as saying "Hello, I am <domain>" 

   The argument field contains the fully-qualified domain name
   of the SMTP client if one is available.

   helo            = "HELO" SP Domain CRLF

> The solution for the HELO check to become reliable would be for RFC2821
> to be amended to *REQUIRE* valid, DNS available lookup names to be used
> for the HELO exchange.

It does, whenever there is such a name available it MUST be used.
If there isn't, an address literal SHOULD be substituted instead.

Domain names used MUST be the FQDN of the client.  The interface
connecting may be attached to another name, so you cannot verify
the IP address against the domain name; however, this does not mean
the domain name suddenly doesn't have to be a FQDN.

So, when an address literal is given, there MUST NOT be a domain name
attached to this address.  Would there be such a domain name, it
has to be used, not the address.  In all other cases, the domain name
is used and it has to be a FQDN.  I cannot see why you would say that
localhost.localdomain is a perfectly legal HELO name.

Alex
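
The following is an added example, not part of the original message: a receiver-side classifier for the `helo = "HELO" SP Domain CRLF` rule quoted above, separating domain-form arguments from address literals. The function names are hypothetical, the two-label minimum and bracketed literal form come from RFC 2821's Domain grammar, and skipping the HELO lookup for address literals is an assumed policy.

```python
import ipaddress
import re
from typing import Optional, Tuple

# sub-domain: starts and ends with a letter or digit, hyphens allowed inside.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
# Name form of the RFC 2821 Domain rule: at least two dot-separated labels.
_DOMAIN_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")
# helo = "HELO" SP Domain CRLF (command verb matched case-insensitively).
_HELO_RE = re.compile(r"(?i)HELO (\S+)\r\n")


def classify_helo(line: str) -> Tuple[str, str]:
    """Classify a raw HELO line as 'domain', 'address-literal' or 'invalid'."""
    m = _HELO_RE.fullmatch(line)
    if not m:
        return ("invalid", "")
    arg = m.group(1)
    if arg.startswith("[") and arg.endswith("]"):
        inner = arg[1:-1]
        try:
            if inner.lower().startswith("ipv6:"):
                return ("address-literal", str(ipaddress.IPv6Address(inner[5:])))
            return ("address-literal", str(ipaddress.IPv4Address(inner)))
        except ValueError:
            return ("invalid", arg)
    if len(arg) <= 255 and _DOMAIN_RE.fullmatch(arg):
        # Syntax only: this cannot tell whether the name exists in DNS.
        return ("domain", arg.lower())
    return ("invalid", arg)


def helo_spf_lookup_name(line: str) -> Optional[str]:
    """Assumed receiver policy: only a domain-form HELO gives a name to query."""
    kind, value = classify_helo(line)
    return value if kind == "domain" else None


if __name__ == "__main__":
    # Constructed sample HELO lines, not taken from the thread's traffic.
    for sample in ("HELO mail.example.org\r\n", "HELO localhost.localdomain\r\n",
                   "HELO [192.0.2.1]\r\n", "HELO localhost\r\n"):
        print(repr(sample), classify_helo(sample), helo_spf_lookup_name(sample))
```

Note that `localhost.localdomain` passes the syntax check; whether it is a real FQDN can only be settled by the DNS lookup itself.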