[CentOS] postfix - reject of incoming mail due to helo check??
Stephen Harris
lists at spuddy.org
Fri Feb 3 19:01:13 UTC 2012
On Fri, Feb 03, 2012 at 12:14:13PM -0600, Les Mikesell wrote:
> On Fri, Feb 3, 2012 at 10:28 AM, Reindl Harald <h.reindl at thelounge.net> wrote:
> >
> > it is quite easy to know the mail-flow and from what public
> > interface mails are going out and hwatever that ip is get
> > a A-Record and matching PTR and that is what "myhostname"
> > has to be set to
>
> RFC quote, please.
In this, Les is correct. The RFCs merely say the HELO needs to _a_ valid
identifier for the host. Indeed this discussion was on this list back in
July ("SPAM on the List") where I pointed out that RFC 5321 says
=~=~=~=~=~=
4.1.1.1. Extended HELLO (EHLO) or HELLO (HELO)
These commands are used to identify the SMTP client to the SMTP
server. The argument clause contains the fully-qualified domain name
of the SMTP client, if one is available. In situations in which the
SMTP client system does not have a meaningful domain name (e.g., when
its address is dynamically allocated and no reverse mapping record is
available), the client SHOULD send an address literal (see
Section 4.1.3).
You only need to follow 5321 requirements which do _not_ require the
host to identify it as matching the specific interface; it merely needs
to identify as a valid A record (or address literal) for the client system.
There's nothing to say that the client system need be listening to port
25 (or be open to port 25 connections; firewalls for example), so anyone
performing HELO (or EHLO) address verification is pretty much limited
to the 2.3.5 requirement; that the passed name is _a_ valid name. Which
is, AFAIK, all postfix does.
=~=~=~=~=~=
The HELO value does need to be valid, but it _need not_ match the
IP address being used to communicate.
--
rgds
Stephen
More information about the CentOS
mailing list