On 2015-01-05 18:34, Reindl Harald wrote:
if the envelope-domain has no SPF published and want to verify
anything in context of HELO then you can check:
* does the HELO hostname exist at all
* does the IP match in both directions
but you are far away from a SPF_HELO_PASS in context of the incoming
mail, frankly it's wrong and unrelated until the envelope sender is
not @helo-hostname
You might want to give the SPF specs another read, SPF can optionally
apply to the HELO/EHLO field.
https://tools.ietf.org/html/rfc7208#section-2.3, which reads in part:
It is RECOMMENDED that SPF verifiers not only check the "MAIL FROM"
identity but also separately check the "HELO" identity by applying
the check_host() function (Section 4
<https://tools.ietf.org/html/rfc7208#section-4>) to the "HELO" identity as the
<sender>.
Since this applies to the HELO/EHLO field separately from the MAIL FROM
based checks, it is perfectly valid to have a SPF_HELO_PASS even if the
sending domain has no SPF policy. This is normal and expected behaviour.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
