
Re: HELO [1.2.3.4] wrong policy checking



Indeed 99.9% of all MTAs ignore the HELO/EHLO parameters; they are
notoriously wrong.

Eugene Crosser wrote:

> If on incoming connection remote gives us HELO with IP literal that
> belongs to a forbidden network it results in rejection of mail.
> I think this is not right.  HELO string should not be checked
> as notoriously as real IP address of the peer.
>
> This behavior results in rejection of mail coming from (admittedly
> misconfigured) MTAs talking to us from a private network behind a NAT
> router.
>
> I think the source of the problem is that pt_heloname calls check_domain
> in policytest.c:1181, and check_domain, when it gets IP literal, calls
> _addrtest_ in policytest.c:1039.  I don't feel that it is appropriate
> to check address where check of domain was requested.  Maybe even domain
> should not be checked in HELO parameter?..
>
> Any thoughts about how to fix this properly?
>
> Eugene
> -
> To unsubscribe from this list: send the line "unsubscribe zmailer" in
> the body of a message to majordomo@nic.funet.fi

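The separation the thread asks for, as an added example that is not ZMailer's policytest.c code: the network test is applied to the peer's real address only, while a HELO address literal is syntax-checked and compared with the peer for logging. All names, the verdict values and the forbidden-network list (RFC 1918, IPv4 only) are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

enum verdict { ACCEPT, ACCEPT_HELO_MISMATCH, REJECT_HELO_SYNTAX, REJECT_PEER };

/* Constructed sample of "forbidden" networks (RFC 1918), host byte order. */
static const struct { uint32_t net, mask; } forbidden[] = {
    { 0x0A000000u, 0xFF000000u },  /* 10.0.0.0/8     */
    { 0xAC100000u, 0xFFF00000u },  /* 172.16.0.0/12  */
    { 0xC0A80000u, 0xFFFF0000u },  /* 192.168.0.0/16 */
};

static int addr_forbidden(uint32_t a)
{
    for (size_t i = 0; i < sizeof forbidden / sizeof forbidden[0]; i++)
        if ((a & forbidden[i].mask) == forbidden[i].net)
            return 1;
    return 0;
}

/* Parse "[a.b.c.d]": 1 = literal stored in *out, 0 = not a literal, -1 = malformed. */
static int parse_helo_literal(const char *helo, uint32_t *out)
{
    char buf[INET_ADDRSTRLEN];
    struct in_addr in;
    size_t n = strlen(helo);
    if (helo[0] != '[')
        return 0;
    if (n < 3 || helo[n - 1] != ']' || n - 2 >= sizeof buf)
        return -1;
    memcpy(buf, helo + 1, n - 2);
    buf[n - 2] = '\0';
    if (inet_pton(AF_INET, buf, &in) != 1)
        return -1;
    *out = ntohl(in.s_addr);
    return 1;
}

/* The HELO literal is never range-tested; only the connecting address is. */
enum verdict helo_policy(const char *peer_ip, const char *helo)
{
    struct in_addr peer;
    uint32_t lit = 0;
    int r = parse_helo_literal(helo, &lit);
    if (inet_pton(AF_INET, peer_ip, &peer) != 1 || addr_forbidden(ntohl(peer.s_addr)))
        return REJECT_PEER;                       /* real source is forbidden */
    if (r < 0) return REJECT_HELO_SYNTAX;         /* "[..." that is not an address */
    if (r == 1 && lit != ntohl(peer.s_addr)) return ACCEPT_HELO_MISMATCH; /* log only */
    return ACCEPT;
}
```

A NATed sender that announces `HELO [192.168.1.5]` from a public address is accepted with a mismatch flag for the log, while a connection that really originates from 192.168.1.5 is still rejected.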