At 15:14 15/01/2010 Friday, Ian Eiloart wrote:

--On 15 January 2010 12:36:06 +0000 alan <spfdiscuss(_at_)alandoherty(_dot_)net> wrote:

F PTRNAME != HELO #proof that sending software is not just malware using its FQRDNS

Er, but isn't HELO = PTRNAME required by section 4.1.4 of RFC5321?

I see no mention of ptr-name anywhere in the doc, but if you mean this:

"The SMTP client MUST, if possible, ensure that the domain parameter
to the EHLO command is a primary host name as specified for this
command in Section 2.3.5. If this is not possible (e.g., when the
client's address is dynamically assigned and the client does not have
an obvious name), an address literal SHOULD be substituted for the
domain name."

as defined in 2.3.5, "primary host name" == a FQDN with an A record, as opposed to a partial name, or a "secondary host name" FQDN with a CNAME that points to a primary.

Unfortunately, people mixing up FQRDN and FQDN is also common.

A host IP can have multiple primary names; secondary {and tertiary etc} are just CNAMEs.

Any mail host's IP in my control usually has at least these 6 primary names:

ptr-name: obvious use, to match the PTR and verify the identity of the organization that owns the IP
client-helo-name: for outbound to others' port 25
mx-tls-cert-name: the one the domain's MX records point to; accepts inbound connections on port 25 and matches the TLS cert
submission-port-tls-cert-name: the name clients connecting to port 587 use, and matches the TLS cert there
pop3-port-name: just so moving to a server-per-role setup later means no reconfiguring of clients
host-name-in-os: used by me to ssh to the right box regardless of which service is running where today :)

as usually all the IPs for the above stuff are HA, spread across several physical servers.

You can always read http://www.alandoherty.net/info/mailservers/ for further BUP stuff {best Uncommon Practices}.

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
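
The following is an added example, not part of either poster's message: a sketch of how a receiving server could classify a HELO/EHLO argument using the distinction drawn above between an address literal, a primary host name (A record), a secondary name (CNAME), and the PTR name. The zone tables are constructed sample data standing in for DNS lookups, and the function names and result labels are hypothetical.

```python
import ipaddress

# Constructed sample zone (documentation names and addresses), standing in for DNS.
A_RECORDS = {
    "ptr1.example.net": ["192.0.2.25"],
    "out.example.net": ["192.0.2.25"],
    "mx.example.net": ["192.0.2.25"],
    "other.example.org": ["198.51.100.7"],
}
CNAMES = {"mail.example.net": "mx.example.net"}
PTR_RECORDS = {"192.0.2.25": ["ptr1.example.net"],
               "198.51.100.9": ["other.example.org"]}


def is_address_literal(helo, client_ip):
    """True if helo is an IPv4 address literal such as [192.0.2.25] equal to client_ip."""
    if not (helo.startswith("[") and helo.endswith("]")):
        return False
    try:
        return ipaddress.ip_address(helo[1:-1]) == ipaddress.ip_address(client_ip)
    except ValueError:
        return False


def fcrdns_names(client_ip):
    """PTR names of client_ip whose A records point back to it (forward-confirmed)."""
    return [n for n in PTR_RECORDS.get(client_ip, [])
            if client_ip in A_RECORDS.get(n, [])]


def assess_helo(client_ip, helo):
    """Classify a HELO/EHLO argument against the constructed zone."""
    name = helo.rstrip(".").lower()
    if is_address_literal(helo, client_ip):
        return "address-literal"
    if helo.startswith("["):
        return "bad-literal"
    if "." not in name:
        return "not-fqdn"
    if name in CNAMES:
        return "secondary-name"  # CNAME alias, not a primary host name
    if client_ip not in A_RECORDS.get(name, []):
        return "helo-does-not-resolve-to-client"
    if name in fcrdns_names(client_ip):
        return "primary-name-equals-ptr"
    return "primary-name-differs-from-ptr"
```
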