At 5:47 PM +0100 3/14/09, Grayhat wrote:
> > The problem is that 1) headers are supposed to provide a "chain of
>> custody" per the RFC's and 2) RFC 821/2821 para 3.6 requires the
>> domain name given with the helo/ehlo must be the primary host name
>> (or a domain literal only if the host has no name) and assp fulfills
>> neither critera as shown below.
>
>Would an "X-ASSP-Received-From:" header carrying the original
>IP and HELO solve such an issue ? In such a case, ASSP may just
>present itself using its own name instead of the sending host HELO
>so you'll have your "chain"... although, I don't see such a thing as a
>really big issue, a minor annoyance maybe, but not an issue at all,
>and btw, if such a change would require overhead to ASSP, then
>my opinion would be to leave things as they are :) at least until
>someone won't demonstrate that the current behaviour is causing
>some nasty problem or letting spam through
There is no need for a X-ASSP-Received-From header as ASSP already
creates the proper received header line before passing the mail to
the mail server. And fixing it is no be deal in terms of programming.
I am not a perl programmer but it looks to me like the fix would be:
sendque($fh, "EHLO $Con{$cli}->{helo}\r\n");
change to
sendque($fh, "EHLO $myName\r\n");
The present behavior is non compliant with RFCs and it would seem to
me that since ASSP does validity checking by relying on correct
implementation of RFC's by others that ASSP should be compliant as
well. Let me explain the problem.
When ASSP is working as a proxy/relay, ASSP must (per RFC 821/2821)
announce itself correctly per RFC and not use the helo provided by
the sender as ASSP's own as it is invalid and prone to confusion but
it also can cause big problems if the receiving mailserver is
configured to perform helo/ehlo validity checking.
The last 2 received headers seen at the mail client currently are
Received: from server121.janis.or.jp (206.208.58.52) by oitc.com with ESMTP
(EIMS X 3.3.7); Sat, 14 Mar 2009 03:35:00 -0400
Received: from server121.janis.or.jp ([220.254.1.121]
helo=server121.janis.or.jp)
with IPv4:25 by assp.oitc.com; 14 Mar 2009 03:34:52 -0400
These headers should be
Received: from assp.oitc.com (206.208.58.52) by oitc.com with ESMTP
(EIMS X 3.3.7); Sat, 14 Mar 2009 03:35:00 -0400
Received: from server121.janis.or.jp ([220.254.1.121]
helo=server121.janis.or.jp)
with IPv4:25 by assp.oitc.com; 14 Mar 2009 03:34:52 -0400
See RFC paras 4.1.1.4 and 4.4 and especially D.3
"D.3 Relayed Mail Scenario When the list of hosts is present, it is a
"reverse" source route and indicates that the mail was relayed
through each host on the list (the first host in the list was the
most recent relay). This list is used as a source route to return
non-delivery notices to the sender. As each relay host adds itself to
the beginning of the list, it MUST use its name as known in the
transport environment to which it is relaying the mail rather than
that of the transport environment from which the mail came (if they
are different)."
------------------------------------------------------------------------------
Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
easily build your RIAs with Flex Builder, the Eclipse(TM)based development
software that enables intelligent coding and step-through debugging.
Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
