[Cialug] RFC & best practices for mail server hostnames?

Pixie pix at kepibu.org
Fri Feb 1 15:35:51 CST 2013


On 2013.02.01 14:09, Paul Gray wrote:
> On 2/1/2013 12:55 PM, Dave Weis wrote:
>> [djweis at charmed ~]$ nslookup -type=txt statefarm.com
>> Server:         67.224.64.31
>> Address:        67.224.64.31#53
>>
>> Non-authoritative answer:
>> statefarm.com   text = "v=spf1 ip4:12.34.246.0/24 ip4:204.94.39.0/24
>> ip4:204.118.102.0/24 ip4:205.166.218.0/24 ip4:205.242.228.0/23 ~all"
>
> I don't know how/why this thread went so awry, but Dave's post here is
> the crux of your answer.
>
> The IP address in the EHLO was 205.242.229.166, which falls within the
> SPF, so it's listed from SF as a valid egress mailer.
>
> There's not an RFC requirement for the IP to resolve, let alone resolve
> correctly back to the original given in the ehlo.  Rather that's an
> administrator's option in Postfix (which you seem to be using) to cut
> down on spam - just as the option to not allow any mail from IP
> addresses belonging to DHCP'd DSL lines - just as the option to not
> allow any mail from IPs found in RBLs.   Standard practice is to have
> PTR records for all IP addresses. However, there is no rule or RFC that
> says that this is required.
>
> In other words, you're not going to find a club in any of the RFCs with
> which to beat up SF.  Rather, your (local) administration policy, while
> I agree with it, is blocking RFC-compliant mail.

It is required to send /something/ in the EHLO, according to RFC 5321, 
section 2.3.5:

o  The domain name given in the EHLO command MUST be either a primary
    host name (a domain name that resolves to an address RR) or, if
    the host has no name, an address literal, as described in
    Section 4.1.3 and discussed further in the EHLO discussion of
    Section 4.1.4.

Though I don't use Postfix, so I'm not sure if the log excerpts LVL 
posted mean nothing at all was sent with the EHLO, or if an IP address 
rather than a hostname was sent.

Regardless, while you might not find a club in RFCs requiring the use of 
a name in the EHLO, MAAWG has something to say about it[1], at least:

   The HELO/EHLO should be configured to match the reverse lookup
   of the mailing IP so that the domain remains the same across
   the various parts of the header and connection mechanism. If
   multiple servers are used to deliver mail through the same
   externally visible IP, their HELO/EHLO should be within the
   same domain and not identify themselves as different domains
   to remain consistent.

[1] http://www.maawg.org/sites/maawg/files/news/MAAWG_Senders_BCP_Ver2a-updated.pdf
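
Added example, not part of the original post or any poster's code: an offline Python check of the two points discussed in this thread, whether the connecting IP is covered by the quoted SPF record and what kind of EHLO argument was sent under RFC 5321 syntax. The function names are hypothetical, only the `ip4` and `all` mechanisms are evaluated, no DNS lookups are made, and `192.0.2.10` in the usage line is a constructed sample.

```python
import ipaddress
import re

# SPF record as quoted in the nslookup output above (wrapped line joined).
SPF = ("v=spf1 ip4:12.34.246.0/24 ip4:204.94.39.0/24 ip4:204.118.102.0/24 "
       "ip4:205.166.218.0/24 ip4:205.242.228.0/23 ~all")
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")

def spf_ip4_result(record, client_ip):
    """Evaluate ip4 and all mechanisms left to right; first match wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qual = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qual]
        if (name == "ip4" and arg and ip.version == 4
                and ip in ipaddress.ip_network(arg, strict=False)):
            return QUALIFIERS[qual]
    return "neutral"                    # nothing matched and no "all" term

def classify_ehlo(arg):
    """Classify an EHLO argument by syntax only (no resolution is attempted)."""
    if arg.startswith("[") and arg.endswith("]"):
        inner, want = arg[1:-1], 4
        if inner.lower().startswith("ipv6:"):   # IPv6 literals carry this tag
            inner, want = inner[5:], 6
        try:
            ok = ipaddress.ip_address(inner).version == want
        except ValueError:
            ok = False
        return "address-literal" if ok else "invalid"
    try:
        ipaddress.ip_address(arg)
        return "bare-ip"    # unbracketed: neither an address literal nor a host name
    except ValueError:
        pass
    labels = arg.rstrip(".").split(".")
    if all(LABEL.match(label) for label in labels):
        return "domain-name"   # whether it resolves to an address RR needs DNS
    return "invalid"

if __name__ == "__main__":
    for ip in ("205.242.229.166", "192.0.2.10"):   # second IP is constructed
        print(ip, spf_ip4_result(SPF, ip), classify_ehlo(ip), classify_ehlo(f"[{ip}]"))
```
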


