spf-discuss

Re: [spf-discuss] Re: SPF adoption statistics

2005-11-24 08:53:22

On Thu, 24 Nov 2005, Hector Santos wrote:

From: "Mark" <admin(_at_)asarian-host(_dot_)net>

A "receiver MUST NOT refuse to accept a message, even if the
sender's HELO command fails verification" refers ONLY
to the failure to "verify that the HELO parameter really corresponds
to the IP address of the sender." It does not mean: "Hector
can use 'hdev1' for HELO/EHLO name."

Huh?  Mark, you're in denial! :-)

... can you guys calm down a little in your discussions ...

Have a look at RFC 2821, section 3.6:

3.6 Domains

   Only resolvable, fully-qualified, domain names (FQDNs) are permitted
   when domain names are used in SMTP. In other words, names that can
   be resolved to MX RRs or A RRs (as discussed in section 5) are
   permitted, as are CNAME RRs whose targets can be resolved, in turn,
   to MX or A RRs. Local nicknames or unqualified names MUST NOT be
   used.

That isn't a rejection policy.

It is - just not for EHLO. The above was meant to be used for email addresses used for SMTP (i.e. the ones in RCPT TO and MAIL FROM) so
that email could be routable.

The thing is that it also contradicts common use because in the local system or within a local domain, it is ok to send mail from "me" to "you" (or me(_at_)localhost to you(_at_)localhost) and the delivery would generally be accepted and be sent to a local mailbox by that name if it exists.

Similarly for EHLO one system (like say xyzzy) can identify itself only
by its local hostname to another system within the same network and it's fine. However when two systems communicate over the internet from two distinct administrative domains the EHLO should be an FQDN as well.

I personally view the above as an invitation to do a special kind of SPF check when a single host (not FQDN) is used in EHLO as a way to authenticate that it is a local network host. In particular if you know your local domain (say example.com) and it has an SPF record then you could do an SPF check on the incoming mail client IP address against example.com and if it is a mail client from your domain, then you should get PASS as a result. And the same
applies when you see a non-FQDN in the MAIL FROM address too.

But overall, you fail to grasp the overall key issue here. It is understood
why you can't comprehend this rather detailed, system-wide oriented thinking
and it's my fault to expect more of you.  I don't blame you. Really.  SMTP
authors have to write software that caters to people like you.  SMTP authors
need to make it possible for administrators to do what they want  - WITHIN
certain guidelines.

It is improper for you to make an assumption that you know what an administrator
wants better than that administrator and that you're smarter and/or can write smarter software. There is a feedback loop that clearly exists (must exist for software to be successful). But it is still that way too many times: I see bad and non-compliant software that admins have to deal with.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
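The local-domain SPF check William describes above (a bare, non-FQDN HELO label is accepted as a local host only if the client IP gets PASS against the receiver's own domain's SPF record), as an added example that is not part of the original thread. The SPF record, domain names and addresses are constructed; the DNS TXT lookup is replaced by an in-memory table, and only ip4/ip6/all mechanisms are evaluated.

```python
import ipaddress
# Constructed SPF record for the receiver's own domain; a real MTA would
# fetch this as the domain's TXT record from DNS instead.
LOCAL_SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
}

def is_unqualified(name):
    """True for a bare host label such as 'hdev1' or 'xyzzy' (no dots, not an address literal)."""
    name = name.strip()
    if not name or name.startswith("["):
        return False
    return "." not in name.rstrip(".")

def check_ip_mechanisms(record, client_ip):
    """Minimal SPF evaluator: ip4/ip6 mechanisms and the trailing 'all' only."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"                      # SPF default qualifier is '+'
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.lower().partition(":")
        matched = False
        if mech in ("ip4", "ip6"):
            try:                             # a v4 address never matches a v6 network and vice versa
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif mech == "all":
            matched = True
        else:
            return "permerror"               # include/a/mx/exists are out of scope here
        if matched:
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
    return "neutral"

def classify_unqualified_helo(helo, client_ip, local_domain):
    """Apply the check from the message: a bare-label HELO counts as a local
    network host only when the client IP gets PASS for the local domain."""
    if not is_unqualified(helo):
        return "not-applicable"
    record = LOCAL_SPF_RECORDS.get(local_domain.lower())
    if record is None:
        return "no-spf"
    result = check_ip_mechanisms(record, client_ip)
    return "local-host" if result == "pass" else "not-local:" + result
```

The same classification can be applied to a non-FQDN MAIL FROM domain, as the message notes, by passing the domain part in place of the HELO name.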
