Re: exim HELO=fully qualified host name?

From: Vincent Lefevre (vincent_at_vinc17.org)
Date: 03/02/04

  • Next message: Benjamin Sher: "Mplayer won't "make" during install" 
    Date: Tue, 2 Mar 2004 16:31:22 +0100
To: Debian-User <debian-user@lists.debian.org>

    On 2004-03-02 09:02:23 -0500, Derrick 'dman' Hudson wrote:
    > RFC 2821, section 4.1.1.1 Extended HELLO (EHLO) or HELLO (HELO)
    >
    > The argument field contains the fully-qualified domain name of the
    > SMTP client if one is available. In situations in which the SMTP
    > client system does not have a meaningful domain name [...], the
    > client SHOULD send an address literal
    >
    > If the client gives a domain name that is not fully-qualified, it
    > violates the specification. Therefore it is bad data.

    I was talking more about the resolution of the FQDN (when the client
    gives a valid FQDN).

    > | Same problems with machines on private networks, when NAT is used.
    >
    > Those machines could have domain names, although they might not be
    > listed in the public DNS.

    This is my case at home (ay.vinc17.org, which is resolvable only in
    my private network, and refusing my messages just because the server
    can't resolve it is a bad idea).

    > They could also provide an IP address.

    which would be a private address, so not more useful than a random FQDN
    for the server.

    > | Well, I think that requiring a FQDN (i.e. with at least a dot) is even
    > | too much, as the FQDN is completely useless and most spam messages are
    > | sent with a valid FQDN anyway.
    >
    > Many are sent without it. Here are some of my stats from last week :
    > Helo command rejected: Don't use my own hostname (total: 72)
    > Helo command rejected: Invalid name (total: 6)
    > Helo command rejected: localhost? Really? Nah, fix your hosts file. (total: 4)
    > Helo command rejected: need fully-qualified hostname (total: 215)
    > Helo command rejected: Your software is not RFC 2821 compliant (total: 194)
    >
    > That is 491 junk messages I did not receive due to simple sanity
    > checking of the HELO parameter. It works for me.

    How do you know they are all junk messages if you only checked the HELO?
    Before exim was fixed in Debian, several messages I'd sent were rejected
    by some SMTP server.

    > It is easy enough for anyone who wants to send mail to either relay it
    > through a provider,

    This is what I was doing until I got bored by too many problems with
    my ISP's smarthost:
      1) it was frequently blacklisted,
      2) messages could be waiting for hours in the queue (either because
         it was full of spam or because many other messages were blocked
         due to timeout when trying to connect the destination server),
      3) messages could be rejected if the destination server was down for
         several hours (as a solution of (2)).

    > or to provide a syntactically valid fully-qualified name or IP
    > address that I don't consider the checks I enforce to be too strict.
    > You're free to not enforce these checks on your own server if you
    > don't want to.

    You rules seem to be OK, at least concerning the RFC. But before
    doing any check, I would do some stats first. For instance, I've
    just seen in my mail that a friend of mine is using Apple Mail,
    which isn't RFC 2821 compliant. Forte Agent, used by some of my
    family, doesn't provide a FQDN (no dot in the HELO argument).
    Ditto for Microsoft Outlook (from a message received in some
    mailing-list). 

    -- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/> - 100%
validated (X)HTML - Acorn Risc PC, Yellow Pig 17, Championnat International
des Jeux Mathématiques et Logiques, TETRHEX, etc.
Work: CR INRIA - computer arithmetic / SPACES project at LORIA
-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
  • Next message: Benjamin Sher: "Mplayer won't "make" during install"

    Relevant Pages

    • Re: exim HELO=fully qualified host name?
      ... |> client system does not have a meaningful domain name, ... | gives a valid FQDN). ... and refusing my messages just because the server ... Find a different provider. ...
      (Debian-User)
    • Re: Solution for invisible network shares when VPN into SBS2003?
      ... The Hosts file is used for FQDN resolution and the ... LMHOSTS file is for NetBIOS name resolution. ... The files are only needed on the client side to help your client find your ... > However, do I have to configure Hostfiles an the server, client or both? ...
      (microsoft.public.windows.server.sbs)
    • RE: Remote DNS Issue
      ... When a client in Office C runs the nslookup command, ... Server: dnsr1.sbc.global.net ... So she IS able to disjoin and rejoin the domain... ... is FQDN,A FQDN is a complete DNS name,Fully qualified domain name. ...
      (microsoft.public.windows.server.sbs)
    • Re: exim HELO=fully qualified host name?
      ... the FQDN and the IP address seen by the server won't ... I think requiring the name to resolve ... > to the same address as the client connecting is being too strict. ... I think that requiring a FQDN is even ...
      (Debian-User)
    • Re: How to set up NFS client for Kerberized access in Solaris
      ... Your is upper case but not a fqdn. ... I'll try with the fqdn as the realm name. ... We need to klist output for the client. ... on client and server. ...
      (comp.unix.solaris)