On Fri, 17 Jul 2009, Stuart D. Gathman wrote:
> B the helo is invariant it should not change from one connection to the
> next and if it does the machine often triggers anti-bot detection systems

The HELO would always be the same for a given recipient domain, so it won't
trigger the anti-bot systems.

> C most MTA's have no method to change the helo without restart

So don't use one of those inflexible MTAs. :-)
In the case of sendmail, just use a Socketmap for the %j macro (or
copy a Socketmap macro to %j on each connection for efficiency).

Even better, use just 2 MTAs - each with a fixed HELO. Route
email for normal recipients to normal.smtp.example.com, and email
for braindead recipients to lifesupport.smtp.example.com. Make sure
the policy rejects on invalid helo before passing on a HELO of
lifesupport.smtp.example.com.

This variation would actually be practical for SPFv1. I already have to do
something like this for SRS/VERP/BATV style signing of MAIL FROM. Some
recipients ignore rfc2821 and have their own undocumented allowed character
set for localpart and are marked 'nosrs'.

> D then you have the headache of maintaining the A records for all these
> helo's and the spf records for all these helo's {+CSV or any other record
> types that get used to validate HELO in the future}

Now there are just 2 A records.

--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
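
Added example, not part of the original message and not taken from any MTA or SPF library: a simplified receiver-side check of the HELO identity for the two fixed names discussed above. The SPF records, the documentation-range addresses and the function names `check_helo` and `accept_helo` are assumptions; only the `ip4`, `ip6` and `all` mechanisms are evaluated, and records are read from an inline table instead of DNS.

```python
import ipaddress

# Constructed sample data: one SPF TXT record per fixed HELO name.
# Addresses are documentation ranges; a real check would query DNS.
SPF_TXT = {
    "normal.smtp.example.com": "v=spf1 ip4:192.0.2.10 -all",
    "lifesupport.smtp.example.com": "v=spf1 ip4:198.51.100.0/28 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_helo(client_ip, helo):
    """Return an SPF-style result for the HELO identity.

    Simplified: only ip4, ip6 and all are evaluated; any other term
    (a, mx, include, modifiers) yields permerror instead of a guess.
    """
    record = SPF_TXT.get(helo.lower().rstrip("."))
    if record is None:
        return "none"                      # no policy published for this name
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if net.version == ip.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        return "permerror"                 # mechanism outside this sketch
    return "neutral"                       # no mechanism matched


def accept_helo(client_ip, helo):
    """Assumed policy: accept only a HELO that passes; unknown names are rejected."""
    return check_helo(client_ip, helo) == "pass"
```

With two fixed HELO names the table has two entries, which is the maintenance point made in the reply to D.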