spf-discuss
[Top] [All Lists]

Re: [spf-discuss] multiple HELOs

2006-02-11 05:53:05
On 11/02/06, Julian Mehnle <julian(_at_)mehnle(_dot_)net> wrote:
Paddy wrote:
I just got interested in the code in spfmilter

if ( cd->helo != (char*) 0 )
    syslog( LOG_NOTICE, "multiple HELOs from %s [%s] - ignoring '%s'",
        cd->helo, cd->ip_str, helohost );

but I'm finding it a little dense to grasp immediately.

I have a sendmail which is occasionally triggering this.

I'm imagining it to be for the same thing as discussed at
http://archives.neohapsis.com/archives/postfix/2000-04/0266.html

I've been idly wondering about proxying connect/helo information,
and this struck me as an interesting "feature".

I'm imagining if sendmail does this then most servers will accept it,
but I suppose it would be to much to hope that noone ever checks
a second HELO ?

I tend to agree with Wietse Venema that concluding from a timeout that the
previous command was never received, and proceeding to sending another
command (equivalent or whatever), is broken client behavior.  Client
commands should always be processed sequentially by the server.

Thus...

  * if the first HELO/EHLO command would have been accepted (but the server
    hasn't managed to send the response yet), the response should be sent,
    and a second HELO/EHLO should be rejected outright, unchecked by SPF.

  * if the first HELO/EHLO command would have been rejected (but the server
    hasn't managed to send the response yet), the response should be sent,
    and any further commands (including HELO/EHLO) should be treated
    normally.

So the second HELO/EHLO must be again checked by the SPF?

Constantine.

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

<Prev in Thread] Current Thread [Next in Thread>