[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: HELO [18.104.22.168] wrong policy checking
Date sent: Mon, 17 Sep 2001 14:42:10 +0400 (MSD)
From: Eugene Crosser <firstname.lastname@example.org>
Send reply to: Eugene Crosser <email@example.com>
Subject: Re: HELO [22.214.171.124] wrong policy checking
To: Matti Aarnio <firstname.lastname@example.org>
> The question is somewhat different. Systems should connect to us from
> private addresses so it may be legitimate to reject connections from
> such addresses. BUT checking HELO parameter is different - if it has
> provate address literal (or any random junk for that matter) it does
> not mean illegitimate peer. What I am objecting to is that peer IP
> address and HELO parameter presented by peer are currently checked the
> *same* way. This I think is not right.
I completely agree with you. RFC2505 says:
....In an SMTP session we have 4 elements, each with a varying
degree of trust:
1) "HELO Hostname" Easily and often forged.
2) "MAIL From:" Easily and often forged.
3) "RCPT To:" Correct, or at least intended.
4) SMTP_Caller (host) IP.src addr OK, FQDN may be OK.
So, checking criteria should be very different for IP and HELO.
IT Department Head
14, 13th Line V.O.,
St.Petersburg 199034 Russia
tel.: +7 (812) 346 82 47, +7 (812) 327 71 08
fax: +7 (812) 346 82 48, +7 (812) 327 14 08
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to email@example.com