>--On 26 October 2006 09:40:30 +0100 Philip Hazel <[EMAIL PROTECTED]> wrote:
>
>> On Thu, 26 Oct 2006, Peter Bowyer wrote:
>>
>>> > 250 xxx.net Hello xxx.net [82.230.172.234]
>>> >
>>> > HELO is still allowed. I really would like to deny it here.
>>>
>>> HELO support is a required part of SMTP, as has already been
>>> explained. It's not possible, and not sensible, to disallow it.
>>
>> Well, it is possible, though I entirely agree that it is not sensible!
>
>I think the OP is saying that HELO on an authenticated connection would be
>unexpected, and it might be useful to bar it as a precaution.

I don't know if 'unexpected' would necessarily be the case.

Might not a calling host first HELO and invoke the list of 'advertised' services, and only then use an EHLO if such were 'advertised', ELSE not?

Might not also a calling host that was itself NOT equipped with extensions be confused / disinterested in requesting same, but not necessarily insecure (by other means) nor unwelcome?

And it should probably be clarified by the OP if this is primarily about MTA-MTA 'peer' traffic exchange, or sometimes/never/always applicable to MUA MSA submission connections.

Bill

> Presumably
>the idea is that any well written client that's authenticating is going to
>use EHLO,

At some point, 'almost certainly' yes. But not necessarily always as 'first verb' on initial arrival.

- OK - perhaps we are 'presuming' the ruleset under discussion is applied at next stage - but I don't (yet) see that we have made that a certainty.

>and barring HELO might just catch out some piece of malware
>(whether extant or theoretical) that's trying to crack the authentication.
>
>I don't know off the top of my head whether it's true that the RFCs require
>that a proper authenticated connection must have used EHLO.
>
>> You can check for HELO vs EHLO in an ACL.
>>
>> --
>> Philip Hazel University of Cambridge Computing Service
>> Get the Exim 4 book: http://www.uit.co.uk/exim-book
>
>--
>Ian Eiloart
>IT Services, University of Sussex
>
>--
>## List details at http://www.exim.org/mailman/listinfo/exim-users
>## Exim details at http://www.exim.org/
>## Please use the Wiki with this list - http://www.exim.org/eximwiki/
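
An added example, not part of the original message and not Exim code: a Python sketch of an offline check over recorded SMTP command sequences that flags the two cases discussed in the thread (a HELO sent after a successful AUTH, and an AUTH attempted without a preceding EHLO) while leaving a HELO followed by EHLO unflagged. The function name, finding strings and sample sessions are constructed for illustration.

```python
# Constructed sample sessions: (client line, final server reply code).
# Hostnames and credentials are placeholders, not taken from the thread.
HELO_THEN_EHLO = [("HELO client.example", 250), ("EHLO client.example", 250),
                  ("AUTH PLAIN <redacted>", 235),
                  ("MAIL FROM:<a@client.example>", 250)]
HELO_AFTER_AUTH = [("EHLO client.example", 250), ("AUTH LOGIN", 334),
                   ("<redacted>", 334), ("<redacted>", 235),
                   ("HELO client.example", 250)]
AUTH_AFTER_HELO = [("HELO client.example", 250),
                   ("AUTH PLAIN <redacted>", 503)]


def audit_session(exchanges):
    """Return (index, finding) pairs for one session's command sequence."""
    greeting = None          # last greeting verb the server accepted
    authenticated = False    # set once the server answers 235
    in_auth = False          # True while the client is sending SASL responses
    findings = []
    for i, (line, code) in enumerate(exchanges):
        if in_auth:          # continuation of AUTH, not a new command
            in_auth = code == 334
            authenticated = authenticated or code == 235
            continue
        parts = line.split()
        verb = parts[0].upper() if parts else ""
        if verb in ("HELO", "EHLO"):
            if verb == "HELO" and authenticated:
                findings.append((i, "HELO after successful AUTH"))
            if 200 <= code < 300:
                greeting = verb
        elif verb == "AUTH":
            if greeting != "EHLO":
                findings.append((i, "AUTH without a preceding EHLO"))
            in_auth = code == 334
            authenticated = authenticated or code == 235
    return findings


if __name__ == "__main__":
    for name, session in [("HELO then EHLO", HELO_THEN_EHLO),
                          ("HELO after AUTH", HELO_AFTER_AUTH),
                          ("AUTH after HELO", AUTH_AFTER_HELO)]:
        print(name, audit_session(session))
```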
