[RFCI-Discuss] DSN listing of secureserver.net
Alex van den Bogaerdt
alex at ergens.op.het.net
Sat Oct 28 22:35:37 EDT 2006
On Sat, Oct 28, 2006 at 02:54:05AM -0700, T wrote:
> >Which raises the issue that RFC 821/822 states that HELOs need not bear
> >any relationship to the actual hostname - as long as they're
> >syntactically valid.
>
> Well, yes, it doesn't NEED any relationship, but in spirit it does and
> it would be better if it did.
Where RFC821 says "domain", you should probably read "hostname" if you
have difficulties with it.
See 821 section 3.7
> >The RFCs are quite clear that messages MUST NOT be rejected on the basis
> >of HELO not matching the connecting hostname.
> >
> >>(individual servers weren't identifiable)
> >
> >HELOs aren't intended for individual server identification and never were.
>
> Well, no, I think that was the original intention although never a
> requirement... I'm not sure how you explain them.... I feel the spirit
> of the RFC should allow that the server with the "HELO FRED" be
> immediately identifiable by FRED's postmaster.
The "MUST NOT REJECT" part is to be found in RFC 2821, and is there
to accommodate multiple names belonging to one server. The NIC used
to contact your host does not have the same name ("domain") as the
one mentioned as HELO parameter.
e.g.
    principlehostname.example.com  A    192.0.2.1
    nic1-host.example.com          A    192.0.2.1
    nic2-host.example.com          A    192.0.2.2
    1.2.0.192.in-addr.arpa         PTR  principlehostname.example.com.
    2.2.0.192.in-addr.arpa         PTR  nic2-host.example.com.
This host could say "HELO principlehostname.example.com"
even if connecting from 192.0.2.2
You cannot verify that principlehostname.example.com and 192.0.2.2
are one and the same, thus you should not reject.
However: "FRED" is not a fully qualified domain name and is not
to be used. Nor is "192.0.2.1" (not a dotted quad as described by
RFC 2821 4.1.3), "hotmail.com" (unless it is the host with domain name
hotmail.com) and so on. Only a fully-qualified domain name (see
RFC 2821 4.1.1.1) OF THE HOST, or an address literal (under specific
circumstances) are allowed. Even RFC 2821 does not forbid rejecting
if the client does not comply with these rules.
RFC 821 simply talks about "not acceptable". Using my hostname in
your HELO command does IMHO qualify as "not acceptable" because I
know, beyond doubt, that you are not who you say you are.
"FRED" would qualify as such a name by the way. You are not host
FRED, that host has an RFC1918 address on my network.
> I think HELOs are two part... #1 for the postmaster of the sending
> system for server identification... and that was the half the original
> "spirit" of the RFC.
and for tracing on the receiver's side.
I think IP addresses are noted because names are unreliable, not
because people like redundant data.
The intention was:
> S: Received: from MIT-AI.ARPA by USC-ISIE.ARPA
not
> S: Received: from FRED (adsl-1-2.3-4.provider.example [192.0.2.1]) by WILMA[192.0.2.2]
Alex
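
The distinction drawn in this message, as an added example that is not part of the original post: a receiver-side check that judges the HELO argument only on its own form (FQDN or bracketed address literal) and on whether it claims the receiver's own name, and deliberately never compares it with the connecting IP or its PTR. The function name `classify_helo`, the set `LOCAL_NAMES` and the host `mx.receiver.example` are hypothetical; the caller is assumed to apply this to remote clients only.

```python
import ipaddress
import re

# Constructed assumption: the names this receiving server itself answers to.
LOCAL_NAMES = {"mx.receiver.example"}

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def classify_helo(arg, local_names=LOCAL_NAMES):
    """Return (verdict, reason) for a HELO/EHLO argument.

    No peer address is taken as input: a multi-homed host may announce
    a name that the connecting IP does not resolve back to, so a
    mismatch is never grounds for rejection here.
    """
    arg = arg.strip()

    # Address literal, e.g. [192.0.2.1] or [IPv6:2001:db8::1]
    if arg.startswith("[") and arg.endswith("]"):
        inner = arg[1:-1]
        try:
            if inner.lower().startswith("ipv6:"):
                ipaddress.IPv6Address(inner[5:])
            else:
                ipaddress.IPv4Address(inner)
        except ValueError:
            return ("reject", "malformed address literal")
        return ("accept", "address literal")

    # A bare IP address is neither a domain name nor an address literal.
    try:
        ipaddress.ip_address(arg)
        return ("reject", "bare IP address")
    except ValueError:
        pass

    name = arg.rstrip(".").lower()
    labels = name.split(".")
    if len(labels) < 2:
        return ("reject", "not fully qualified")
    if not all(_LABEL.fullmatch(label) for label in labels):
        return ("reject", "syntactically invalid")
    # The one identity claim the receiver can disprove with certainty.
    if name in local_names:
        return ("reject", "client claims this server's own name")
    return ("accept", "syntactically valid FQDN")
```

A forged but well-formed name such as "hotmail.com" still passes, since form alone cannot disprove it.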