John Jetmore wrote: > On Mon, 6 Nov 2006, Wakko Warner wrote: > >> mind. If the HELO is different, why not verify it? If you have a host that >> is legit doing this, the A record of the HELO should match the IP and you >> could allow that to pass. Most of the HELOs that I have seen are more of > > I've been trying to ignore this thread but this is just such a bad idea > and depends on invalid assumptions. I have what I believe to be a fairly > common mail setup
Many common mail setups are perfectly bad too. Commonness is not a sign of quality in itself. > that is perfectly legal but causes a single IP to source > multiple IPs. I have a pool of servers that are used by our billing > system. They are behind a firewall PAT address, so on the public internet > the PAT address appears to be sending SMTP connections with different HELO > strings. > > These servers have valid MX records in DNS. These MX records have > _nothing_ to do with the PAT address. They do _not_ have public A > records because there is no need for them. Just have a look at http://www.dnsreport.com/tools/dnsreport.ch?domain=cinergycom.com > > There is nothing illegal about the above configuration, everything that > needs to be valid is valid. But there's nothing tying any of the HELO > strings to the originating PAT address that I can see. Any scheme you > come up with to "validate" the HELO strings (or at least all the ones I've > seen so far) will fail, even though it's all kosher. > > --John > -- 010100100110010101101110011000010111010101100100 010000010110110001101100011000010111001001100100
smime.p7s
Description: S/MIME Cryptographic Signature
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
