On Tue, Nov 22, 2005 at 10:32:05AM -0500, Dick St.Peters wrote:
> Stuart D. Gathman writes:
> > When it says "HELO bmsi.com", and it ain't one of my bmsi.com servers,
> > I'm going to reject it. No matter what cockamamie RFC ignorant
> > (must be a resolvable FQDN - I believe it must resolve to client, but
> > others disagree) HELO they came up with, they certainly aren't allowed
> > to use "bmsi.com". Ditto for any other domains I manage.
>
> You are 100% correct that the HELO name must resolve to the client.

Stuart is 100% correct. You are not.
There is NO guaranty that the _interface_ used to connect to you has the
same name as the box.

Host:
    somehost.example.org address 10.1.2.3
Interfaces:
    somehost.example.org address 10.1.2.3
    interface.example.org address 10.2.3.4

You get a connection from 10.2.3.4, HELO somehost.example.org
You ask PTR(10.2.3.4) and get interface.example.org
Or you ask A(somehost.example.org) and get 10.1.2.3

In both cases, verification fails but is not a good reason to reject.
This is the MUST NOT reject clause.

Alex
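
The two positions in this thread can be combined into one receiver-side check. The following is an added example, not code from the message or from any project mentioned in it: it rejects a HELO that claims a domain the receiver manages when the client is not one of its servers, and only records (never rejects on) a PTR/A mismatch. The function names, the 192.0.2.0/28 server range and the dictionaries standing in for DNS are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the message).
# Domains this receiver manages, mapped to the networks its servers use.
MY_DOMAINS = {"bmsi.com": ["192.0.2.0/28"]}

# Stand-in for DNS lookups, modelled on the multihomed host above.
FAKE_A = {"somehost.example.org": ["10.1.2.3"],
          "interface.example.org": ["10.2.3.4"]}
FAKE_PTR = {"10.1.2.3": "somehost.example.org",
            "10.2.3.4": "interface.example.org"}

def claimed_own_domain(helo):
    """Return the managed domain the HELO name falls under, or None."""
    name = helo.rstrip(".").lower()
    for dom in MY_DOMAINS:
        if name == dom or name.endswith("." + dom):
            return dom
    return None

def helo_policy(client_ip, helo, a_records=FAKE_A, ptr_records=FAKE_PTR):
    """Return (action, detail) for one SMTP connection."""
    ip = ipaddress.ip_address(client_ip)
    dom = claimed_own_domain(helo)
    if dom is not None:
        nets = [ipaddress.ip_network(n) for n in MY_DOMAINS[dom]]
        if any(ip in net for net in nets):
            return "accept", "own server"
        return "reject", "foreign client used a domain we manage"
    name = helo.rstrip(".").lower()
    forward_ok = client_ip in a_records.get(name, [])
    reverse_ok = ptr_records.get(client_ip, "").lower() == name
    if forward_ok or reverse_ok:
        return "accept", "HELO verified"
    # Mismatch alone is not grounds to reject: a multihomed host may
    # connect from an interface whose name differs from the host name.
    return "accept", "HELO unverified"
```

The "HELO unverified" result can feed logging or scoring; only the own-domain case produces a rejection.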