On Mon, Nov 21, 2005 at 05:02:11PM -0800,
Matthew(_dot_)van(_dot_)Eerde(_at_)hbinc(_dot_)com wrote:
Rejecting on HELO is RFC-questionable.
When it says "HELO bmsi.com", and it ain't one of my bmsi.com servers,
I'm going to reject it.
I'm not disagreeing with your decision to reject based on information
you receive in the HELO... what I am suggesting is that perhaps it
would be batter to wait for MAIL FROM phase to break the bad news
The remark in that RFC only forbids rejecting on the basis that
reverse_lookup(connecting_ip_address) != helo_parameter.
In other words, you cannot use this piece of information to determine
that a client is lying. The RFC specifically tells you that you can't.
This does NOT mean it is forbidden to reject at the HELO stage. It does
NOT mean you cannot reject for valid reasons. It just means that this
is not a valid reason.
There's nothing wrong with, for instance, rejecting a local alias (such
as "helo exchange") or rejecting a malformed one ("helo win_pdc_01").
If you _want_ to do that is another story. But you certainly can.
Alex
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com