spf-discuss

Re: [spf-discuss] SPF on HELO - take 2

2009-01-09 10:35:01
Stuart D. Gathman wrote:
On Thu, 8 Jan 2009, Alessandro Vesely wrote:

Setting a matching HELO name may be cumbersome when using NAT, multihomed
hosts, VPNs, and the like. IMHO, checking the domain name should suffice.

Multihomed hosts just need to use a HELO that matches the IP they
are sending mail on.  Using a single HELO name with multiple A records
that matches *all* their IPs works too if the sending IP is selected
randomly.  NAT and VPN are irrelevant.  Just set HELO to something that matches
whatever you are NATted to - just like multihomed.

However, if one happens to mix all those, e.g. NATting a pool of addresses to some multihomed hosts through a VPN, it may well be hard to configure the HELO name properly :-/

I don't *require* PTR.  HELO works just as well as rDNS (better and cheaper).
But I'll take a valid PTR in place of a bogus HELO to establish MTA
identity.  I don't like MTAs that require rDNS/PTR, because the vast majority
of MTAs for small domains do not have a 256 block of IPs, and have to beg and plead with their ISP for weeks to get rDNS configured properly.

In other words, you accept an SPF "pass" on HELO to skip further [FC]rDNS checks. Very reasonable. Courier-MTA, for one, defaults to that behavior when SPF checks are enabled.
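
The acceptance order discussed in this thread, as an added example that is not part of the original messages or of any MTA's code: an SPF "pass" on HELO settles MTA identity, otherwise a HELO name with an address record equal to the connecting IP does, otherwise a forward-confirmed PTR. The function names, the result labels, and the DNS tables are assumptions constructed for illustration, and the HELO SPF result is assumed to come from a separate SPF evaluation.

```python
import ipaddress

# Constructed DNS data (documentation address ranges and example.* names only).
A_RECORDS = {
    # One HELO name carrying A records for all sending IPs of a multihomed host.
    "mx.example.org": {"192.0.2.10", "198.51.100.10"},
    "host-7.isp.example.net": {"203.0.113.7"},
}
PTR_RECORDS = {
    "203.0.113.7": {"host-7.isp.example.net"},
}

def name_resolves_to(name, ip, a_records):
    """True when `name` has an address record equal to the connecting IP."""
    addrs = a_records.get(name.rstrip(".").lower(), set())
    return any(ipaddress.ip_address(a) == ip for a in addrs)

def fcrdns_names(ip, ptr_records, a_records):
    """PTR names of the IP that also resolve forward to that same IP."""
    candidates = ptr_records.get(str(ip), set())
    return sorted(n for n in candidates if name_resolves_to(n, ip, a_records))

def mta_identity(client_ip, helo, helo_spf_result,
                 a_records=A_RECORDS, ptr_records=PTR_RECORDS):
    """Return (method, name) describing how the sending MTA was identified.

    helo_spf_result is the SPF result for the HELO identity ("pass", "fail",
    "none", ...), computed elsewhere (assumption of this sketch).
    """
    ip = ipaddress.ip_address(client_ip)
    helo = helo.rstrip(".").lower()
    # 1. SPF pass on HELO: no further [FC]rDNS checks are needed.
    if helo_spf_result == "pass":
        return ("helo-spf", helo)
    # 2. HELO name matches the IP the mail is being sent from.
    if name_resolves_to(helo, ip, a_records):
        return ("helo-a", helo)
    # 3. A valid PTR is accepted in place of a bogus HELO.
    names = fcrdns_names(ip, ptr_records, a_records)
    if names:
        return ("fcrdns", names[0])
    return ("none", None)
```
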

