Double Irony! (was Re: [linux-elitists] ruben's stupid filter)

Marc MERLIN marc@merlins.org
Mon Mar 25 13:15:44 PST 2002


On Sun, Mar 24, 2002 at 11:04:01PM -0800, Dan Wilder wrote:
> > I don't  see which  RFC forbids one,  and even  if there were  to be  one, I
> > wouldn't care and do SMTP callbacks anyway.
> 
> Forgive me, I wasn't explicit.  Verifying HELO host.
> RFC1123 says "MUST NOT" about about refusing of mail after 
> HELO host fails to verify.  More's the pity.
 
Ah, HELO verifying.
I'm against it because if I send mail from my laptop or my workstation
behind a NAT firewall, you'll have a HELO that doesn't resolve back to the
IP address that you got the connection from (the NAT device).
In the case of work, my HELO would even say magic.hdqt.vasoftware.com, which
will not resolve from the outside (and it's not supposed to)
The envelope and headers do say vasoftware.com, though, as they should.

Of course, I could change the helo, but you lose the information of which
hostname the mail came from inside our net.
 
> > Do you mean forward and reverse on  the calling host? Yeah, I don't do that,
> > because it probably catches as much legitimate mail as it catches spam.
> 
> Only forward.  Reverse is a lost cause.  Too many ISPs refuse their
> customers a valid reverse record. 

I suppose you could, yeah. I'm not sure doing this catches that much spam
though.

Marc
-- 
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
  
Home page: http://marc.merlins.org/   |   Finger marc_f@merlins.org for PGP key



More information about the linux-elitists mailing list