spf-discuss

Re: [spf-discuss] Re: SPF adoption statistics

2005-11-21 19:21:29
On 11/21/2005 20:02, Matthew(_dot_)van(_dot_)Eerde(_at_)hbinc(_dot_)com wrote:
> Stuart D. Gathman wrote:
>> On Mon, 21 Nov 2005,  wrote:
>>> Stuart D. Gathman wrote:
>>>> This would be after the vast majority have been rejected due to
>>>> obviously forged HELO.  Is that still useful?
>>>
>>> Rejecting on HELO is RFC-questionable.
>>
>> When it says "HELO bmsi.com", and it ain't one of my bmsi.com servers,
>> I'm going to reject it.
>
> I'm not disagreeing with your decision to reject based on information you
> receive in the HELO... what I am suggesting is that perhaps it would be
> better to wait for MAIL FROM phase to break the bad news
>
> Something like:
>
> Connection established
> <- bmsi ESMTP banner
> -> HELO bmsi.com
> <- 2xx You're lying but I can't reject yet
> -> MAIL FROM: <>
> <- 5xx I'm fine with the <> but you lied about being bmsi.com
> -> MAIL FROM: postmaster@example.com
> <- 5xx I'm fine with the <postmaster@example.com> but you lied about being bmsi.com ...

Actually it's generally better to wait until after RCPT TO; you'll reject a 
lot more messages, in general, for bad RCPT TO: than bad Mail From: or HELO: 
and RCPT TO: is among the least expensive checks you have available to you.

Scott K

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
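
The ordering discussed in this message (note a forged HELO, answer 2xx, and deliver the rejection only at RCPT TO, after the cheap recipient check), sketched as an added example that is not code from the thread or from any poster. The IP addresses, the mailbox name and the reply texts are constructed assumptions; only the `bmsi.com` HELO name comes from the message.

```python
# Added example: defer the forged-HELO rejection until RCPT TO.
# Assumptions (constructed, not from the thread): the IP addresses, the
# mailbox list and the exact 250/550 reply texts.
OWN_DOMAIN = "bmsi.com"               # HELO name used in the thread
OWN_SERVERS = {"192.0.2.10"}          # constructed: hosts allowed to say HELO bmsi.com
VALID_RCPTS = {"stuart@bmsi.com"}     # constructed local mailbox


class Session:
    """Tracks one SMTP connection and decides the reply at each stage."""

    def __init__(self, peer_ip):
        self.peer_ip = peer_ip
        self.helo_forged = False
        self.sender = None

    def helo(self, name):
        # Record the verdict but keep the session open (the "2xx" step).
        claims_us = name.lower().rstrip(".") == OWN_DOMAIN
        self.helo_forged = claims_us and self.peer_ip not in OWN_SERVERS
        return "250 " + OWN_DOMAIN

    def mail_from(self, addr):
        # The null sender "<>" is accepted like any other address here.
        self.sender = addr
        return "250 OK"

    def rcpt_to(self, addr):
        # Cheapest check first: unknown recipients are refused regardless.
        if addr.lower() not in VALID_RCPTS:
            return "550 No such user"
        # Only now is the earlier HELO verdict turned into a rejection.
        if self.helo_forged:
            return "550 HELO %s does not match your address" % OWN_DOMAIN
        return "250 OK"


def run(peer_ip, helo_name, sender, rcpt):
    """Replay one constructed client dialogue; return the server replies."""
    s = Session(peer_ip)
    return [s.helo(helo_name), s.mail_from(sender), s.rcpt_to(rcpt)]


if __name__ == "__main__":
    for reply in run("198.51.100.7", "bmsi.com", "<>", "stuart@bmsi.com"):
        print("<-", reply)
```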