spf-discuss

Re: [spf-discuss] Re: SPF adoption statistics

2005-11-22 09:39:58
Alex van den Bogaerdt writes:
On Tue, Nov 22, 2005 at 10:32:05AM -0500, Dick St.Peters wrote:
Stuart D. Gathman writes:
When it says "HELO bmsi.com", and it ain't one of my bmsi.com servers,
I'm going to reject it.  No matter what cockamamie RFC ignorant
(must be a resolvable FQDN - I believe it must resolve to client, but
others disagree) HELO they came up with, they certainly aren't allowed
to use "bmsi.com".  Ditto for any other domains I manage.

You are 100% correct that the HELO name must resolve to the client.

Stuart is 100% correct.  You are not.

Show me exactly what you think it is I said that's wrong.

There is NO guaranty that the _interface_ used to connect to you has the
same name as the box.

Host:
      somehost.example.org  address 10.1.2.3
Interfaces:
      somehost.example.org  address 10.1.2.3
      interface.example.org address 10.2.3.4

You get a connection from 10.2.3.4, HELO somehost.example.org

To comply with the RFCs, SMTP connections out the 10.2.3.4 interface
have to use 10.1.2.3 as the source address.  (I do this routinely.)

You ask PTR(10.2.3.4) and get interface.example.org
Or you ask A(somehost.example.org) and get 10.1.2.3

No, if the client is compliant and uses the host name source address,
you ask PTR(10.1.3.4) and get somehost.example.org.

In both cases, verification fails but is not a good reason to reject.
This is the MUST NOT reject clause.

I didn't say anything about rejection, but since you brought it up,
yes, verification failing is not an RFC-allowed reason to reject.

--
Dick St.Peters, stpeters(_at_)NetHeaven(_dot_)com 
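
The multi-homed case argued over in this thread, as an added example that is not part of any poster's message: a HELO check run against a constructed DNS table using the thread's example addresses. The `LOCAL_DOMAINS` and `LOCAL_SERVERS` values and all function names are hypothetical; a DNS mismatch is only reported as unverified, while a foreign client claiming a locally managed name is rejected.

```python
import ipaddress

# Constructed DNS data mirroring the multi-homed host described in the thread.
A = {"somehost.example.org": {"10.1.2.3"},
     "interface.example.org": {"10.2.3.4"}}
PTR = {"10.1.2.3": "somehost.example.org",
       "10.2.3.4": "interface.example.org"}

# Hypothetical local policy: domains we manage and our own server addresses.
LOCAL_DOMAINS = {"bmsi.com"}
LOCAL_SERVERS = {"192.0.2.10"}


def norm(name):
    """Lower-case a DNS name and drop any trailing root dot."""
    return name.rstrip(".").lower()


def check_helo(client_ip, helo):
    """Return (verdict, reason) for a HELO name seen from client_ip."""
    ip = str(ipaddress.ip_address(client_ip))  # raises ValueError on bad input
    name = norm(helo)

    # A client using one of our own names must be one of our own servers.
    if any(name == d or name.endswith("." + d) for d in LOCAL_DOMAINS):
        if ip in LOCAL_SERVERS:
            return ("accept", "local server")
        return ("reject", "HELO claims a local domain from a foreign address")

    forward_ok = ip in A.get(name, set())       # A(helo) contains client IP
    reverse_ok = norm(PTR.get(ip, "")) == name  # PTR(client IP) equals helo
    if forward_ok and reverse_ok:
        return ("accept", "HELO verified forward and reverse")
    if forward_ok:
        return ("accept", "HELO verified forward only")

    # Neither lookup ties the name to this address. A multi-homed host
    # connecting from a secondary interface lands here, so the mismatch is
    # recorded for scoring or logging and is not used as a rejection reason.
    return ("unverified", "HELO does not resolve to client address")


if __name__ == "__main__":
    for ip, helo in [("10.1.2.3", "somehost.example.org"),
                     ("10.2.3.4", "somehost.example.org"),
                     ("10.2.3.4", "bmsi.com")]:
        print(ip, helo, check_helo(ip, helo))
```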
