On Fri, Feb 03, 2012 at 12:14:13PM -0600, Les Mikesell wrote:
On Fri, Feb 3, 2012 at 10:28 AM, Reindl Harald h.reindl@thelounge.net wrote:
it is quite easy to know the mail-flow and from what public interface mails are going out and whatever that ip is get an A-Record and matching PTR and that is what "myhostname" has to be set to
RFC quote, please.
In this, Les is correct. The RFCs merely say the HELO needs to be _a_ valid identifier for the host. Indeed this discussion was on this list back in July ("SPAM on the List") where I pointed out that RFC 5321 says
=~=~=~=~=~=
4.1.1.1. Extended HELLO (EHLO) or HELLO (HELO)
These commands are used to identify the SMTP client to the SMTP server. The argument clause contains the fully-qualified domain name of the SMTP client, if one is available. In situations in which the SMTP client system does not have a meaningful domain name (e.g., when its address is dynamically allocated and no reverse mapping record is available), the client SHOULD send an address literal (see Section 4.1.3).
You only need to follow 5321 requirements which do _not_ require the host to identify it as matching the specific interface; it merely needs to identify as a valid A record (or address literal) for the client system.
There's nothing to say that the client system need be listening to port 25 (or be open to port 25 connections; firewalls for example), so anyone performing HELO (or EHLO) address verification is pretty much limited to the 2.3.5 requirement; that the passed name is _a_ valid name. Which is, AFAIK, all postfix does.
=~=~=~=~=~=
The HELO value does need to be valid, but it _need not_ match the IP address being used to communicate.
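
Added example, not part of the original message and not Postfix's own code: a sketch of the distinction drawn above between a HELO argument that is merely valid (an address literal, or an FQDN with an A record) and one that also matches the connecting IP. The names parse_helo, check_helo and SAMPLE_A_RECORDS are hypothetical, and the DNS data is a constructed table so the block runs offline.

```python
import ipaddress
import re

# Constructed forward-DNS data (documentation address range); stands in for real lookups.
SAMPLE_A_RECORDS = {
    "mail.example.org": {"192.0.2.10"},
    "out1.example.org": {"192.0.2.25"},
}

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_helo(arg):
    """Return ('literal', ip) or ('fqdn', name); raise ValueError on bad syntax."""
    if arg.startswith("[") and arg.endswith("]"):
        body = arg[1:-1]
        if body.lower().startswith("ipv6:"):
            return "literal", ipaddress.IPv6Address(body[5:])
        return "literal", ipaddress.IPv4Address(body)
    name = arg.rstrip(".").lower()
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or not all(LABEL.match(l) for l in labels):
        raise ValueError("not a fully-qualified domain name")
    return "fqdn", name


def check_helo(arg, client_ip, a_records=SAMPLE_A_RECORDS):
    """Classify a HELO/EHLO argument as 'invalid', 'valid' or 'valid+matches-ip'."""
    try:
        kind, value = parse_helo(arg)
    except ValueError:
        return "invalid"
    client = ipaddress.ip_address(client_ip)
    if kind == "literal":
        # Assumption: a literal naming another interface of the host is still 'valid'.
        return "valid+matches-ip" if value == client else "valid"
    addrs = a_records.get(value)
    if not addrs:
        return "invalid"  # syntactically fine, but the name has no A record
    return "valid+matches-ip" if str(client) in addrs else "valid"
```

A multi-homed host that announces mail.example.org while sending from 192.0.2.25 comes back as 'valid', which is the case the message argues a receiver must not reject.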