[RFCI-Discuss] DSN listing of secureserver.net
Alan Brown
alanb at digistar.com
Wed Oct 25 05:28:29 EDT 2006
On Wed, 25 Oct 2006, Matus UHLAR - fantomas wrote:
> On 25.10.06 03:56, Alan Brown wrote:
> > Which raises the issue that RFC 821/822 stats that HELOs need not bear
> > any relationship to the actual hostname - as long as they're
> > syntactically valid.
>
> where? Imho statement 3.5 of rfc821 says just the opposite.
It says should. There are various valid reasons why they may not, such
as hosts behind NAT gateways, etc.
HELOs are best suited to sending host domain identification and not much
more than that.
> > > That sorta means, you probably have not configured the SPF records for
> > > the hostnames you use in your HELO greets
>
> That was me having the problem (spf was set, but denying all). Fixed now.
I ran my tests from a host unrelated to the HELO in order to check if it
was a real SPF reject.
> > > While for the longest time, it thought it annoying that all hotmail
> > > servers used "hotmail.com" in their HELOs not quite to the spirt of
> > > RFCs
> >
> > But entirely within the meaning of them.
> >
> > The RFCs are quite clear that messages MUST NOT be rejected on the basis
> > of HELO not matching the connecting hostname.
> >
> > >(individual servers weren't identifiable)
> >
> > HELOs aren't intended for individual server identification and never were.
>
> I doubt they knew they will start using SPF. But I think they changed HELO
> strings fto full host names because of "hotmail.com" being rejected on too
> many hosts (many viruses and spams used such helo).
Possible, but equally possible it's simply an artifact of the purported
changeover from *nix to WinNT mailservers.
--
If a person, or organisation, starts to play on your fears
it may be that person or organisation that you should fear.
More information about the RFCI-Discuss
mailing list