John Rudd wrote: > An SMTP server MAY verify that the domain name parameter in the EHLO > command actually corresponds to the IP address of the client. > However, the server MUST NOT refuse to accept a message for this > reason if the verification fails: the information about verification > failure is for logging and tracing only.
> You MUST NOT reject based on the presence of bogus host information in > the HELO/EHLO command. That is not correct; I come down on Jan-Pieter's side. You MUST NOT refuse a message if the HELO hostname does not resolve to the IP address of the client. But you can refuse the message for other reasons. For example, on our server, if someone HELOs as "*.roaringpenguin.com", we reject the mail. We don't reject it because the IP address doesn't match, but rather because we know the client is lying. We have complete knowledege of all machines in the roaringpenguin.com domain, so we know with 100% certainty when a machine is lying. This is a very subtle distinction, but nevertheless is permitted behaviour, I believe. The wording in the RFC is designed to protect SMTP clients behind NAT boxes or that don't know their on FQDN, not to protect spammers who misguidedly believe that HELOing as their victim gets them a free ride past a spam filter. Regards, David. _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
