[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

HELO [] wrong policy checking

If on incoming connection remote gives us HELO with IP literal that
belongs to a forbidden network it results in rejection of mail.
I think this is not right.  HELO string should not be checked
as notoriously as real IP address of the peer.

This behavior results in rejection of mail coming from (admittedly
misconfigured) MTAs talking to us from a private network behind a NAT

I think the source of the problem is that pt_heloname calls check_doman
in policytest.c:1181, and check_domain, when it gets IP literal, calls
_addrtest_ in policytest.c:1039.  I don't feel that it is appropriate
to check address where check of domain was requested.  Maybe even domain
should not be checked in HELO parameter?..

Any thoughts about how to fix this properly?

To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi