On Sat, 2005-04-02 at 22:21 -0600, Mark A. Lewis wrote:
Stumbled across this while researching the points raised in this thread. Very good writeup IMO and addresses many of the questions/concerns.
----- indeed and as you say...those who reject based upon client HELO/EHLO address are non-compliant but in reading the perspective on your link, it states...
Q2. Regarding your checks "reject_invalid_hostname," "reject_non_fqdn_hostname" and "check_helo_access": Isn't rejecting on HELO/EHLO not being a valid and FQDN'd hostname a violation of the RFC's?
A2. Why yes, yes it is. Doing so is a judgement call. In *my* experience: it stops more spam than it does result in "false positives." And in the few cases where it has resulted in false positives, I've found that a friendly dialog with the offending mail server's owner got it straightened out. Your mileage may vary.
Machines outside "mynetworks" should *never* HELO/EHLO as being in our domain. So even if you want to forego "reject_invalid_hostname" and "reject_non_fqdn_hostname," it seems to me perfectly reasonable to still do the "check_helo_access" restriction.
I see the logic in the 'judgment call'
Craig