[CentOS] Re: postfix tightening
Les Mikesell
lesmikesell at gmail.com
Sun Apr 3 03:41:41 UTC 2005
On Sat, 2005-04-02 at 21:14, Gavin Carr wrote:
> On Sat, Apr 02, 2005 at 03:54:37PM -0600, Les Mikesell wrote:
> > > Anyway, the point of checking that a system that's trying to deliver
> > > email to you has a name that resolves to the address it's using, that
> > > that address resolves back to the name, and that the HELO specifies
> > > the correct name as well, is that most privately owned Windows PCs
> > > don't fulfill those requirements.
> >
> > There is no requirement for the HELO to match anything else. It must
> > be syntactically correct but it does not have to have anything to do
> > with the particular interface you happen to be using. On the other
> > hand the From: address does have to be resolvable - otherwise you
> > wouldn't be able to reply anyway.
>
> Wrong. RFC2821 says:
>
> 4.1.1.1 Extended HELLO (EHLO) or HELLO (HELO)
>
> These commands are used to identify the SMTP client to the SMTP
> server. The argument field contains the fully-qualified domain name
> of the SMTP client if one is available. In situations in which the
> SMTP client system does not have a meaningful domain name (e.g., when
> its address is dynamically allocated and no reverse mapping record is
> available), the client SHOULD send an address literal (see section
> 4.1.3), optionally followed by information that will help to identify
> the client system. The SMTP server identifies itself to the SMTP
> client in the connection greeting reply and in the response to this
> command.
A SHOULD is not a requirement. A MUST would be a requirement. Even
if it did mention a requirement, there is nothing that says a
host with multiple addresses should use the name matching the
connected interface each time. There is certainly nothing there
to override the earlier RFC (which I've forgotten) that specifies
a similar recommendation but goes on to say that the receiver
MUST NOT reject the message based on an address lookup mismatch
for the HELO/EHLO name (obviously written by someone who realized
that multi-homed servers are common and that corporate servers
often live behind NAT firewalls and don't even know the address
that will be used on the public side).
--
Les Mikesell
les at futuresource.com
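
The distinction argued in the message above (the HELO argument must be syntactically correct, but a name/address mismatch is not grounds for refusing mail), as an added Python example that is not part of the original post and is not Postfix code. The function names and verdict strings are hypothetical, and `resolved_ips` is a stand-in for a DNS lookup performed by the caller.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def literal_ip(arg):
    """Return the IP inside a bracketed address literal, or None if malformed."""
    if not (arg.startswith("[") and arg.endswith("]")):
        return None
    body, want = arg[1:-1], 4
    if body.upper().startswith("IPV6:"):
        body, want = body[5:], 6
    try:
        ip = ipaddress.ip_address(body)
    except ValueError:
        return None
    return ip if ip.version == want else None


def classify_helo(arg):
    """Syntax only: 'address-literal', 'fqdn', 'non-fqdn' or 'invalid'."""
    if arg.startswith("["):
        return "address-literal" if literal_ip(arg) is not None else "invalid"
    try:
        ipaddress.ip_address(arg)
        return "invalid"  # bare IP without brackets: treated as invalid here
    except ValueError:
        pass
    labels = arg.split(".")
    if len(arg) > 255 or not all(LABEL.match(label) for label in labels):
        return "invalid"
    return "fqdn" if len(labels) > 1 else "non-fqdn"


def helo_verdict(arg, client_ip, resolved_ips=()):
    """resolved_ips: constructed stand-in for the caller's DNS lookup of arg."""
    kind = classify_helo(arg)
    if kind == "invalid":
        return "reject"  # malformed syntax is the only hard failure
    client = ipaddress.ip_address(client_ip)
    if kind == "address-literal":
        consistent = literal_ip(arg) == client
    else:
        consistent = client in {ipaddress.ip_address(a) for a in resolved_ips}
    # A mismatch is recorded for logging or scoring, never used to refuse mail.
    return "accept" if consistent else "accept-flagged"
```

A multi-homed or NATed sender, the case raised in the message, comes out as `accept-flagged` rather than `reject`.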