[Cialug] MTA HELO

Paul Gray gray at cs.uni.edu
Sun Jan 12 10:44:48 CST 2014


On 01/12/2014 09:35 AM, Kevin Smith wrote:
> That's my opinion as well. Relevant RFC is this I believe:
> http://www.freesoft.org/CIE/RFC/1123/90.htm
> On Jan 12, 2014 9:15 AM, "Paul Gray" <gray at cs.uni.edu> wrote:

There are two facets in play here.  Here's my take keeping in mind that
I had gotten this wrong in the past:

First off, the domain in the HELO must be a valid domain, host or
address literal.  That requirement is laid out in section 2.3.5 of the
RFC 5321.  It doesn't state that it needs to be YOUR server or YOUR
domain, it just needs to be valid so that the verification step can take
place.

During verification of the HELO step, if the specified domain doesn't
reverse resolve to the IP address of the connection, it's not supposed
to be a fatal error, as described in section 4.1.4., but you are to
instead insert headers in the message stating the lack of verification.

Which of the two situations is at play here?  Are they issuing
"notarealdomain.loc" in the HELO, or "iam.notreally.microsoft.com"?  The
former would be rejected outright because I can't do verification
lookups on a nonexistent domain, but the second would be a soft fail,
because you aren't reverse-resolving back to the domain you claim to be?

-PG





More information about the Cialug mailing list