On Tue, Nov 22, 2005 at 11:39:27AM -0500, Dick St.Peters wrote:
When it says "HELO bmsi.com", and it ain't one of my bmsi.com servers,
I'm going to reject it. No matter what cockamamie RFC ignorant
(must be a resolvable FQDN - I believe it must resolve to client, but
others disagree) HELO they came up with, they certainly aren't allowed
to use "bmsi.com". Ditto for any other domains I manage.
You are 100% correct that the HELO name must resolve to the client.
Stuart is 100% correct. You are not.
Show me exactly what you think it is I said that's wrong.
The _client_ is 10.2.3.4, not 10.1.2.3
To comply with the RFCs, SMTP connections out the 10.2.3.4 interface
have to use 10.1.2.3 as the source address. (I do this routinely.)
Correct.
You ask PTR(10.2.3.4) and get interface.example.org
Or you ask A(somehost.example.org) and get 10.1.2.3
No, if the client is compliant and uses the host name source address,
you ask PTR(10.1.3.4) and get somehost.example.org.
The subthread is about comparing the connecting IP address, 10.2.3.4,
against the HELO name. This implies looking up either PTR(10.2.3.4)
and comparing against somehost.example.org, or looking up
A(somehost.example.org) and comparing against 10.2.3.4
If you want to verify that PTR(A(somehost.example.org)) matches
somehost.example.org, that's OK but it is not what we are talking about.
Alex
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
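
The two comparisons this subthread is about, plus the "HELO bmsi.com" rule from the quoted message, as an added Python example that is not part of any poster's message. The DNS tables, the 192.0.2.10 server address and all function names are constructed for illustration; a real filter would query a resolver instead of these dictionaries.

```python
# Constructed DNS data for the multihomed host discussed in the thread.
A = {"somehost.example.org": {"10.1.2.3"},
     "interface.example.org": {"10.2.3.4"}}
PTR = {"10.1.2.3": {"somehost.example.org"},
       "10.2.3.4": {"interface.example.org"}}
# Assumption: addresses of the receiver's own servers, per managed domain.
OWN_DOMAINS = {"bmsi.com": {"192.0.2.10"}}


def norm(name):
    """Case-fold a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def forward_match(helo, client_ip):
    """A(helo) contains the connecting address."""
    return client_ip in A.get(norm(helo), set())


def reverse_match(helo, client_ip):
    """PTR(client_ip) yields the HELO name."""
    return norm(helo) in PTR.get(client_ip, set())


def self_consistent(helo):
    """PTR(A(helo)) returns helo; this never looks at the connecting address."""
    name = norm(helo)
    return any(name in PTR.get(ip, set()) for ip in A.get(name, set()))


def check_helo(helo, client_ip):
    """Classify a HELO name against the connecting IP address."""
    name = norm(helo)
    if name in OWN_DOMAINS:
        # A stranger using one of our own names is rejected outright.
        return "match" if client_ip in OWN_DOMAINS[name] else "forged-local"
    if name not in A:
        return "unresolvable"
    if forward_match(name, client_ip) or reverse_match(name, client_ip):
        return "match"
    return "mismatch"
```

With this data, a connection arriving from 10.2.3.4 that says HELO somehost.example.org is classified "mismatch" even though `self_consistent` is true for that name, which is the distinction drawn at the end of the message.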