Re: exim HELO=fully qualified host name?

From: Vincent Lefevre (vincent_at_vinc17.org)
Date: 03/02/04

  • Next message: Werner Mahr: "Re: Video card - AGP 8x???" 
    Date: Tue, 2 Mar 2004 10:31:58 +0100
To: Debian-User <debian-user@lists.debian.org>

    On 2004-03-01 15:08:17 -0500, Derrick 'dman' Hudson wrote:
    > On Sun, Feb 29, 2004 at 10:16:23PM +0100, Vincent Lefevre wrote:
    > | RFC 2821:
    > |
    > | An SMTP server MAY verify that the domain name parameter in the EHLO
    > | command actually corresponds to the IP address of the client.
    > | However, the server MUST NOT refuse to accept a message for this
    > | reason if the verification fails: the information about verification
    > | failure is for logging and tracing only.
    >
    > You have a nice Catch-22 here. The receiver is not allowed to reject
    > bad data, but the sender isn't allowed to send it either!

    This isn't necessarily bad data. Some machines have several interfaces,
    i.e. several IP addresses, and several FQDNs may resolve to the same
    IP address; so, the FQDN and the IP address seen by the server won't
    always match. Same problems with machines on private networks, when
    NAT is used.

    > It boils down to what you, as a receiver, find acceptable. I find
    > requiring the HELO to be syntactically correct and fully-qualified to
    > be effective at limiting junk (spam and viruses) while not causing
    > significant collateral damage. I think requiring the name to resolve
    > to the same address as the client connecting is being too strict. In
    > fact, I have found that requiring the name to resolve to anything
    > creates too much collateral damage. YMMV.

    Well, I think that requiring a FQDN (i.e. with at least a dot) is even
    too much, as the FQDN is completely useless and most spam messages are
    sent with a valid FQDN anyway. 

    -- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/> - 100%
validated (X)HTML - Acorn Risc PC, Yellow Pig 17, Championnat International
des Jeux Mathématiques et Logiques, TETRHEX, etc.
Work: CR INRIA - computer arithmetic / SPACES project at LORIA
-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
  • Next message: Werner Mahr: "Re: Video card - AGP 8x???"

    Relevant Pages

    • Re: exim HELO=fully qualified host name?
      ... > The argument field contains the fully-qualified domain name of the ... > If the client gives a domain name that is not fully-qualified, ... I was talking more about the resolution of the FQDN (when the client ... and refusing my messages just because the server ...
      (Debian-User)
    • Re: exim HELO=fully qualified host name?
      ... |> client system does not have a meaningful domain name, ... | gives a valid FQDN). ... and refusing my messages just because the server ... Find a different provider. ...
      (Debian-User)
    • Re: Solution for invisible network shares when VPN into SBS2003?
      ... The Hosts file is used for FQDN resolution and the ... LMHOSTS file is for NetBIOS name resolution. ... The files are only needed on the client side to help your client find your ... > However, do I have to configure Hostfiles an the server, client or both? ...
      (microsoft.public.windows.server.sbs)
    • RE: Remote DNS Issue
      ... When a client in Office C runs the nslookup command, ... Server: dnsr1.sbc.global.net ... So she IS able to disjoin and rejoin the domain... ... is FQDN,A FQDN is a complete DNS name,Fully qualified domain name. ...
      (microsoft.public.windows.server.sbs)
    • Re: How to set up NFS client for Kerberized access in Solaris
      ... Your is upper case but not a fqdn. ... I'll try with the fqdn as the realm name. ... We need to klist output for the client. ... on client and server. ...
      (comp.unix.solaris)
    Loading