* Wietse Venema ([EMAIL PROTECTED]) [20080903 11:35]: > Raymond Keller: > > I configured reject_invalid_helo_hostname and was surprised to find > > that underscores were permitted. Judging by the source (I'm not > > conversant in C), it looks like the author had this comment > > regarding allowing underscores: "grr.." I feel similarly. Is that > > you, Mr. Venema? My sympathy. I take it that allowing underscores > > is for the sake of handling Windows MUAs? > > Hostname syntax is defined in Internet RFCs. Postfix's hostname > validator routine cites RFC 952, RFC 1123, RFC 1035, RFC 2373. > > However, not everyone reads internet RFCs before implementing email > software. In order to be useful, Postfix allows for common > deviations. The primary mission of Postfix remains to deliver mail.
And Postfix does an excellent job of delivering mail, which is why I am a user and advocate for about 8 years now. I thank you very much for your work. I'm sorry if this touches on a sore spot. I understand the need to balance RFC compliance and real-world function. Is the compatibility that is sought by allowing underscores done for the sake of Windows MUAs? In my circumstance I have no MUA clients with RFC-invalid hostnames; my system is only a mail gateway. So I might refuse underscores. I think ideally this might be done with a configuration option (perhaps "strict_rfc_hostnames"), but perhaps I should just do so via check_helo_access. Is there any sense of how many noncompliant MTA configurations are out there? I would expect there to be next to none (that are non-spammy). > /_/ 554 RFCs 810, 952, and 1035 do not allow underscores in hostnames. The other item I was wondering about was regarding SMTP RFC complaince in HELO hostnames -- requiring brackets for literal addresses. This requirement is currently shortcut if the hostname is a valid address. I might refuse unbracketed literals. Again, ideally this might be done with a configuration option (perhaps "strict_rfc2821_helo_hostnames"), but, again, it may be best for me to just do the rejection via check_helo_access restriction. Is there any sense of how many legitimate MTA configurations out there violate this particular requirement? > /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\$/ 554 RFC 2821 does not allow bare > address literals. RSK
