Hi. Am Dienstag 09 März 2010 21:15:49 schrieb Nathan Eady: > Bernd Wurst <[email protected]> writes: > > Am Mittwoch 03 März 2010 22:28:04 schrieb Nathan Eady: > >> * HELO names that don't share at least the top couple of > >> levels with the actual FQDN are blocked (so, for instance, > >> if the HELO name is hotmail.com, it would match if the > >> sending host's PTR record says out2.mail.hotmail.com > >> but not if it says cpe-24-210-138-71.woh.res.rr.com. > > > > This must be modified: > > If the HELO name resolves to the connected IP-address, tis check > > must be omitted. > > I can live with that. (Arguably, the wording above could even be > taken to imply that, since a full match is "at least" as good as a > partial match.)
No, it's the other way round. The above metioned check would do a reverse lookup of the connected IP address and then match the resulting host name against the HELO name. What I said is to resolve the HELO name and omit this check if this matches the connected IP address. (Given that "actual FQDN" is the reverse lookup of the IP address.) > > Not every server admin has access to the reverse lookup of his IP > > address. > Presumably, the mail admin *does* have control over the HELO name, so > he *could* make it match. But yeah, in the real world they don't all > precisely match, which is kind of the point. You're right, but it's the other way. If I have a home server on a dialup connection, I get a dynamically assigned IP address. The reverse lookup is something like dialup12345678.myprovider.com. My HELO is myserver.mydomain.com and I *can* control that this record always points to my server's current IP address. But I cannot control the FQDN of the reverse lookup of my IP address and I cannot use this one as HELO (because it changes). This scenario could fail regarding to some blacklisting but that's out of scope for this. The current HELO check does *not* fail on this situation and this is good! cu, Bernd
signature.asc
Description: This is a digitally signed message part.
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
