From: "Stuart D. Gathman" <stuart(_at_)bmsi(_dot_)com>
On Wed, 23 Nov 2005, Hector Santos wrote:
Have you written SMTP server or in this case SMTP client software?
Yes.
...
When configuring an MTA, you must configure which mail domains it
handles (delivers "locally") instead of relaying. There is *no*
automatic way to do that. While doing that, pick a (valid) HELO name
as well.
When configuring an MUA, the HELO doesn't matter. The MTA will recognize
the IP as local, or you will use SMTP AUTH.
Come on Stuart. I like you. <g>
But your answers do not match any experience in writing SMTP software,
especially for the public market.
It has nothing to do with session authorization.
IP or ESMTP AUTH based authorization is *not* required for FINAL destination
mail (MDA). That is what makes the EMAIL system work and also why we have a
MAJOR exploit with SMTP. Authorization or any kind (Best current Practices
are; IP Allow Tables, ESMTP AUTH and/or POPB4SMTP) is only required for
relaying mail - sending out to remote, not LOCAL).
Come on. There is a REASONS why HELO is not reliable. Why are you fighting
it?
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com