[RFCI-Discuss] about FQDN for our smtp servers
Alex van den Bogaerdt
alex at ergens.op.het.net
Thu Apr 13 15:48:34 EDT 2006
On Thu, Apr 13, 2006 at 09:00:20PM +0200, mouss wrote:
> >>This is debatable. The RFCs are self-contradictory here (one RFC
> >>requires clients to use a "canonical" name, but doesn't allow servers to
> >>check for that). of course, even requiring helo has been controversial
> >>for some time...
> >>
> >
> >This has come up here before. Your statement is false in multiple ways.
> >
> prove it. my "statement" above is comprised of two statements:
> - RFCs are self-contradictory
> - requiring helo has been controversial
You said the RFC does not allow to check a canonical name is used.
Now you say something different. Make up your mind.
> >The parameter must be a resolvable, fully qualified domain name
> >FOR THE CLIENT HOST. If this client host claims to be somebody
> >I know it is not, using knowledge I possess, I can safely reject
> >the message(s) in that session.
>
> and how do you get that knowledge? do you have a huge /etc/hosts on your
> machine?
Do I need a huge /etc/hosts on my machine, to know a server in china
is using *MY* host name in ITS ehlo command ?
And what about stuff like SPF, specifically forbidding 99.9999% of
all hosts on the Internet to use a certain HELO string ?
> >People claiming you cannot refuse messages based on HELO are
> >RFC ignorant themselves.
>
> we are talking about the standard, not about what one can do if he
> wants. as said above, you can reject mail randomly (as far as you accept
> postmaster and abuse mail).
I am not talking about randomly rejecting email. I am talking about
rejecting based on faulty HELO parameters.
It is quite simple. The HELO parameter has to be *the*host*name* of
the client. A fully qualified domain name. The canonical name, not
an MX record. Not a local alias. Not a CNAME. There are some
ifs and unlesses, in some narrowly tailored cases. That's when the
SHOULD applies. We are not talking about those very uncommon exceptions
here, we are talking about people that think "aol.com" is a correct
parameter, or "mailhost", or "192.0.2.1".
More information about the RFCI-Discuss
mailing list