Check for helo/hostname mismatch? - ORF Forums

Check for helo/hostname mismatch? RSS Back to forum

1

Hi,

would a check for helo/hostname mismatch be useful, or is this nonsense?

Regards
Norbert

Reply
by Norbert Fehlauer more than 10 years ago
2

@Norbert Fehlauer: There is no such requirement in the RFC (i.e., that the domain name submitted in the HELO command must match the reverse name of the sender MX IP), so such rule would definitely block many legitimate emails.

Reply
by Krisztian Fekete (Vamsoft) more than 10 years ago
(in reply to this post)

3

Thanks for the answer Krisztian,

thought so, but ran across such an incident. ;)
http://social.technet.microsoft.com/Forums/de-DE/technetgenerelle_fragende/thread/9c01cebe-e62a-4e64-bf61-81a0f7658757#9c01cebe-e62a-4e64-bf61-81a0f7658757

dd6018 postfix/policyd-weight[23346]: decided action=550
Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to
correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo:
by2msftvsmtp03.phx.gbl, MTA hostname:
delivery.smtp.microsoft.com[207.46.22.101] (helo/hostname mismatch);
<client=207.46.22.101> <helo=by2msftvsmtp03.phx.gbl>

Reply
by Norbert Fehlauer more than 10 years ago
4

"The HELO receiver MAY verify that the HELO parameter really corresponds to the IP address of the sender. However, the receiver MUST NOT refuse to accept a message, even if the sender's HELO command fails verification."

http://www.ietf.org/rfc/rfc1123.txt (section 5.2.5)

Reply
by Krisztian Fekete (Vamsoft) more than 10 years ago
5

Yes found that too. ;) http://tools.ietf.org/html/rfc2821#page-29 does not mention it at all. ;)

Reply
by Norbert Fehlauer more than 10 years ago
6

Yes, but your missing ..

https://tools.ietf.org/html/rfc2821#section-3.6

Only resolvable, fully-qualified, domain names (FQDNs) are permitted
when domain names are used in SMTP. In other words, names that can
be resolved to MX RRs or A RRs (as discussed in section 5) are
permitted, as are CNAME RRs whose targets can be resolved, in turn,
to MX or A RRs. Local nicknames or unqualified names MUST NOT be
used. There are two exceptions to the rule requiring FQDNs:

- The domain name given in the EHLO command MUST BE either a primary
host name (a domain name that resolves to an A RR) or, if the host
has no name, an address literal as described in section 4.1.1.1.


and with policy weight. : helo/hostname mismatch FAQ says..
The client-IP and its /24 or /16 subnets are in no relation to the A/MX records of the HELO FQDN, domain and parent domains;
NEITHER A/MX records of the sender-domain or parent domains;
NEITHER does the reverse record (PTR) point to a FQDN or domain which matches the HELO FQDN or domain or parent domains nor the sender-domain or parent domains.
Or in short: no, policyd-weight does NOT block on a helo/hostname mismatch alone, but does report it as one of the most obvious issue.

- The reserved mailbox name "postmaster" may be used in a RCPT
command without domain qualification (see section 4.1.1.3) and
MUST be accepted if so used.

Reply
by Louis 8 years ago

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2