spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] Question on a unified policy record approach

2005-09-05 23:03:54
from [Graham Murray] [Permanent Link] 
"Seth Goodman" <sethg(_at_)GoodmanAssociates(_dot_)com> writes:


From: Alex van den Bogaerdt 
[mailto:alex(_at_)ergens(_dot_)op(_dot_)het(_dot_)net]
Sent: Sunday, September 04, 2005 1:58 AM
One host. Multiple interfaces. Each interface has its own name:

(I'm using the 10/8 network as example addresses; of course on the
internet other addresses need to be used)

jupiter.example.org       A   10.0.0.1
jupiter-eth1.example.org  A   10.1.0.1
jupiter-qw0.example.org   A   10.2.0.1

Suppose the primary hostname for this box is jupiter.example.org.
Suppose the SMTP connection is made via jupiter-qw0.example.org.
i.e. the connecting client uses address 10.2.0.1

This client (jupiter.example.org) has no choice but to say
"EHLO jupiter.example.org." (or the HELO equivalent).

However, 10.2.0.1 resolves to jupiter-qw0.example.org, not to
jupiter.example.org



What I think is appropriate here is that jupiter.example.org submit
its mail to jupiter-qw0.example.org for relay (or gatewaying, if you
prefer) to the internet.  While the operators of example.org may
find this a minor inconvenience, we can no longer condone EHLO FQDN
forgery.  By acting as a non-vigilant pass-through proxy,
jupiter-qw0.example.org is the machine committing forgery.  It is
presenting the SMTP EHLO command to a server using a FQDN that does
not belong to it.


Sorry about quoting so much.

I think you are missing something VERY important here. It is not
presenting a name which does not belong to it. jupiter.example.org and
jupiter-qw0.example.org are the ONE and the SAME machine. They are the
A (and PTR) record names for 2 interfaces on the one multi-homed
system. So jupiter is _not_ submitting its mail to jupiter-qw0 for
relaying, it is always using an EHLO of 'jupiter.example.org'
irrespective of which interface it actually uses to connect to the
remote SMTP server.

Or are you suggesting that on multi-homes systems that SMTP clients
should use the EHLO name appropriate to the interface which is used to
connect to the server?

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [spf-discuss] Re: Exclusive v. Open SPF records, Frank Ellermann
Next by Date:  Re: [spf-discuss] Question on a unified policy record approach, Commerco WebMaster
Previous by Thread:  RE: [spf-discuss] Question on a unified policy record approach, Seth Goodman
Next by Thread:  Re: [spf-discuss] Question on a unified policy record approach, Commerco WebMaster
Indexes:  [Date] [Thread] [Top] [All Lists]