Re: HELO [1.2.3.4] wrong policy checking
Hello.
Date sent: Mon, 17 Sep 2001 14:42:10 +0400 (MSD)
From: Eugene Crosser <crosser@online.ru>
Send reply to: Eugene Crosser <crosser@online.ru>
Subject: Re: HELO [1.2.3.4] wrong policy checking
To: Matti Aarnio <mea@nic.funet.fi>
> The question is somewhat different. Systems should connect to us from
> private addresses so it may be legitimate to reject connections from
> such addresses. BUT checking HELO parameter is different - if it has
> private address literal (or any random junk for that matter) it does
> not mean illegitimate peer. What I am objecting to is that peer IP
> address and HELO parameter presented by peer are currently checked the
> *same* way. This I think is not right.
I completely agree with you. RFC2505 says:
....In an SMTP session we have 4 elements, each with a varying
degree of trust:
1) "HELO Hostname" Easily and often forged.
2) "MAIL From:" Easily and often forged.
3) "RCPT To:" Correct, or at least intended.
4) SMTP_Caller (host) IP.src addr OK, FQDN may be OK.
.......
So, checking criteria should be very different for IP and HELO.
Alexey
====
Alexey Lobanov
NIC-hdl: al258-ripe
CPR, St.Petersburg
IT Department Head
CPR Institute
14, 13th Line V.O.,
St.Petersburg 199034 Russia
tel.: +7 (812) 346 82 47, +7 (812) 327 71 08
fax: +7 (812) 346 82 48, +7 (812) 327 14 08
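
The distinction argued for in this thread, as an added example that is not part of the original messages and is not ZMailer code: the same address ranges are consulted for both values, but only the peer IP can cause a rejection, while the HELO argument is merely annotated. All function names, the sample sessions and the policy of refusing RFC 1918 peers are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges. Refusing peers from them is an assumed local policy.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^{LABEL}(?:\.{LABEL})*$")


def in_private_range(addr):
    return any(addr in net for net in PRIVATE_NETS)


def check_peer_ip(peer_ip):
    """The peer address comes from the TCP connection, so policy is enforced on it."""
    if in_private_range(ipaddress.ip_address(peer_ip)):
        return "reject", "peer address in private range"
    return "accept", ""


def check_helo(helo_arg, peer_ip):
    """The HELO argument is peer-supplied and easily forged: annotate, never reject."""
    notes = []
    if helo_arg.startswith("[") and helo_arg.endswith("]"):
        literal = helo_arg[1:-1]
        if literal[:5].lower() == "ipv6:":  # SMTP IPv6 literals carry this tag
            literal = literal[5:]
        try:
            addr = ipaddress.ip_address(literal)
        except ValueError:
            return ["malformed address literal"]
        if in_private_range(addr):
            notes.append("private address literal")
        if addr != ipaddress.ip_address(peer_ip):
            notes.append("literal differs from peer address")
    elif not HOSTNAME_RE.match(helo_arg):
        notes.append("not a valid hostname")
    return notes


def evaluate_session(peer_ip, helo_arg):
    verdict, reason = check_peer_ip(peer_ip)
    return {"verdict": verdict, "reason": reason,
            "helo_notes": check_helo(helo_arg, peer_ip)}


# Constructed sample sessions (peer address, HELO argument).
if __name__ == "__main__":
    for peer, helo in [("192.0.2.10", "[10.1.2.3]"), ("10.1.2.3", "mail.example.org"),
                       ("192.0.2.10", "random junk")]:
        print(peer, helo, evaluate_session(peer, helo))
```

The notes returned for the HELO argument are suited to logging or scoring; the verdict depends on the peer address alone.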