[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

HELO [1.2.3.4] wrong policy checking

To: zmailer@nic.funet.fi
Subject: HELO [1.2.3.4] wrong policy checking
From: Eugene Crosser <crosser@online.ru>
Date: Wed, 12 Sep 2001 21:56:41 +0400 (MSD)
Reply-To: Eugene Crosser <crosser@online.ru>
Sender: zmailer-owner@nic.funet.fi

If on incoming connection remote gives us HELO with IP literal that
belongs to a forbidden network it results in rejection of mail.
I think this is not right.  HELO string should not be checked
as notoriously as real IP address of the peer.

This behavior results in rejection of mail coming from (admittedly
misconfigured) MTAs talking to us from a private network behind a NAT
router.

I think the source of the problem is that pt_heloname calls check_doman
in policytest.c:1181, and check_domain, when it gets IP literal, calls
_addrtest_ in policytest.c:1039.  I don't feel that it is appropriate
to check address where check of domain was requested.  Maybe even domain
should not be checked in HELO parameter?..

Any thoughts about how to fix this properly?

Eugene
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi

Follow-Ups:
- Re: HELO [1.2.3.4] wrong policy checking
  - From: Michael Loftis <mloftis@wgops.com> (Wed, 12 Sep 2001 21:52:19 +0300)
- Re: HELO [1.2.3.4] wrong policy checking
  - From: "Alexey Lobanov" <aal@cpr.spb.ru> (Wed, 12 Sep 2001 22:00:25 +0300)
- Re: HELO [1.2.3.4] wrong policy checking
  - From: Matti Aarnio <mea@nic.funet.fi> (Thu, 13 Sep 2001 15:48:24 +0300)

Prev by Date: Re: Strangeness
Next by Date: Re: HELO [1.2.3.4] wrong policy checking
Prev by thread: Re: Strangeness
Next by thread: Re: HELO [1.2.3.4] wrong policy checking
Index(es):
- Date
- Thread