[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: HELO [1.2.3.4] wrong policy checking

To: zmailer@nic.funet.fi
Subject: Re: HELO [1.2.3.4] wrong policy checking
From: Michael Loftis <mloftis@wgops.com>
Date: Wed, 12 Sep 2001 11:51:18 -0700
References: <ML-3.4.1000317401.540.crosser@ariel.sovam.com>
Sender: zmailer-owner@nic.funet.fi

Indeed 99/9% of all MTAs ignore the HELO/EHLO parameters, they are
notoriously wrong.

Eugene Crosser wrote:

> If on incoming connection remote gives us HELO with IP literal that
> belongs to a forbidden network it results in rejection of mail.
> I think this is not right.  HELO string should not be checked
> as notoriously as real IP address of the peer.
>
> This behavior results in rejection of mail coming from (admittedly
> misconfigured) MTAs talking to us from a private network behind a NAT
> router.
>
> I think the source of the problem is that pt_heloname calls check_doman
> in policytest.c:1181, and check_domain, when it gets IP literal, calls
> _addrtest_ in policytest.c:1039.  I don't feel that it is appropriate
> to check address where check of domain was requested.  Maybe even domain
> should not be checked in HELO parameter?..
>
> Any thoughts about how to fix this properly?
>
> Eugene
> -
> To unsubscribe from this list: send the line "unsubscribe zmailer" in
> the body of a message to majordomo@nic.funet.fi

-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi

References:
- HELO [1.2.3.4] wrong policy checking
  - From: Eugene Crosser <crosser@online.ru>

Prev by Date: HELO [1.2.3.4] wrong policy checking
Next by Date: Re: HELO [1.2.3.4] wrong policy checking
Prev by thread: HELO [1.2.3.4] wrong policy checking
Next by thread: Re: HELO [1.2.3.4] wrong policy checking
Index(es):
- Date
- Thread