[unisog] I need help.
Valdis.Kletnieks at vt.edu
Thu Jul 18 20:01:38 GMT 2002
On Thu, 18 Jul 2002 07:54:50 MDT, "William D. Colburn (aka Schlake)" said:
> I wrote a milter that checks things. If a message
> 1) contains only HTML content AND
> 2) does not have a reverse IP OR
> 2) gave a HELO/EHLO that does not match its reverse ip
(OK.. Time to put my e-mail geek hat on and cite chapter and verse ;)
Hopefully on the first (2), if you get a timeout on the DNS query you do a
tempfail (4xx) rather than a 5xx error.
Also, on the second (2) (should be 3?), note that there are a *NUMBER* of
perfectly valid cases for the HELO not matching (for instance, this laptop
always asserts the same hostname on the HELO, but if I happen to be
DHCP'ed on wireless or dialed up from home, the PTR won't match).
RFC2821 has this to say in 4.1.1.1:

   These commands are used to identify the SMTP client to the SMTP
   server. The argument field contains the fully-qualified domain name
   of the SMTP client if one is available. In situations in which the
   SMTP client system does not have a meaningful domain name (e.g., when
   its address is dynamically allocated and no reverse mapping record is
   available), the client SHOULD send an address literal (see section
   4.1.3), optionally followed by information that will help to identify
   the client system. The SMTP server identifies itself to the SMTP
   client in the connection greeting reply and in the response to this

and in 4.1.4:

   An SMTP server MAY verify that the domain name parameter in the EHLO
   command actually corresponds to the IP address of the client.
   However, the server MUST NOT refuse to accept a message for this
   reason if the verification fails: the information about verification
   failure is for logging and tracing only.

Christian Huitema did a study a while ago, and found that only about 30%
of the DNS namespace had correct and valid PTR entries - you might want to
think about that when rejecting mail just because the PTR isn't valid.
Oh... and you might want to ask yourself what happens for smaller sites, where
www.foo.com and mail.foo.com point at the same address - and the PTR points at
www.foo.com or realboxname.foo.com. Issues with CNAMEs and MX entries and
the possibility of hosting multiple sites on one physical host make it even
On the other hand, at least you're not blocking 'MAIL FROM:<>'. Or if you
are, at least being discreet about it. ;)
Computer Systems Senior Engineer
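
The advice in this message as a decision function, added here as an example and not code from the post or from the milter it discusses: a DNS timeout yields a 4xx tempfail, an address literal is accepted as a HELO argument, and a HELO/PTR mismatch is only recorded for logging. The function names, the sample DNS data, the forward lookup of the HELO name, and treating a missing PTR as a note rather than a rejection are assumptions of this example.

```python
import ipaddress

TEMPFAIL = "451 4.4.3 Temporary DNS failure, try again later"
ACCEPT = "250 OK"

# Constructed sample DNS data (documentation addresses, example names).
PTR = {"192.0.2.10": ["www.foo.example."], "192.0.2.20": []}
A = {"mail.foo.example": ["192.0.2.10"], "laptop.example": ["198.51.100.7"]}

def ptr_lookup(ip):
    if ip == "192.0.2.99":
        raise TimeoutError("constructed timeout")
    return PTR.get(ip, [])

def a_lookup(name):
    return A.get(name, [])

def helo_literal(helo):
    """Return the IP inside an address literal such as [192.0.2.10], else None."""
    if not (helo.startswith("[") and helo.endswith("]")):
        return None
    body = helo[1:-1]
    if body[:5].lower() == "ipv6:":
        body = body[5:]
    try:
        return ipaddress.ip_address(body)
    except ValueError:
        return None

def check_client(ip, helo, ptr=ptr_lookup, fwd=a_lookup):
    """Return (smtp_reply, notes); lookups raise TimeoutError on a DNS timeout."""
    client = ipaddress.ip_address(ip)
    try:
        ptr_names = [n.rstrip(".").lower() for n in ptr(ip)]
        literal = helo_literal(helo)
        if literal is not None:
            helo_ok = literal == client
        else:
            name = helo.rstrip(".").lower()
            # Either direction counts: the PTR may name www.foo.example
            # while the client legitimately says mail.foo.example.
            forward = {ipaddress.ip_address(a) for a in fwd(name)}
            helo_ok = name in ptr_names or client in forward
    except TimeoutError:
        return TEMPFAIL, ["dns-timeout"]  # 4xx, never 5xx, on a timeout
    notes = []
    if not ptr_names:
        notes.append("no-ptr")
    if not helo_ok:
        notes.append("helo-mismatch")  # logging and tracing only (4.1.4)
    return ACCEPT, notes
```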