Jan-Pieter Cornet wrote:
On Wed, Sep 20, 2006 at 01:44:22AM -0700, John Rudd wrote:
But:
1) to reject based on the content of the HELO string is an RFC violation
This is a blatant and oft-repeated lie. Section 4.1.4 in RFC2821 contains
very specific wording. Only an IP mismatch is disallowed as a reason for
rejection. For any other violation, even if it's a local policy violation,
you are allowed to reject the HELO/EHLO argument.
A) it is at most a misunderstanding and not a lie.
B) you're wrong. However, instead of calling you a liar, I will merely
say that you haven't done your homework:
From section 4.1.4 of RFC 2821:
An SMTP server MAY verify that the domain name parameter in the EHLO
command actually corresponds to the IP address of the client.
However, the server MUST NOT refuse to accept a message for this
reason if the verification fails: the information about verification
failure is for logging and tracing only.
You MUST NOT reject based on the presence of bogus host information in
the HELO/EHLO command.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
