[Cialug] MTA HELO
David Champion
dchamp1337 at gmail.com
Sun Jan 12 10:52:02 CST 2014
I would also add that you want to have a proper Reverse DNS entry that
matches the FQDN that your MTA reports, and it doesn't hurt to have a SPF
record for it as well.
-dc
On Sun, Jan 12, 2014 at 10:44 AM, Paul Gray <gray at cs.uni.edu> wrote:
> On 01/12/2014 09:35 AM, Kevin Smith wrote:
> > That's my opinion as well. Relevant RFC is this I believe:
> > http://www.freesoft.org/CIE/RFC/1123/90.htm
> > On Jan 12, 2014 9:15 AM, "Paul Gray" <gray at cs.uni.edu> wrote:
>
> There are two facets in play here. Here's my take keeping in mind that
> I had gotten this wrong in the past:
>
> First off, the domain in the HELO must be a valid domain, host or
> address literal. That requirement is laid out in section 2.3.5 of the
> RFC 5321. It doesn't state that it needs to be YOUR server or YOUR
> domain, it just needs to be valid so that the verification step can take
> place.
>
> During verification of the HELO step, if the specified domain doesn't
> reverse resolve to the IP address of the connection, it's not supposed
> to be a fatal error, as described in section 4.1.4., but you are to
> instead insert headers in the message stating the lack of verification.
>
> Which of the two situations is at play here? Are they issuing
> "notarealdomain.loc" in the HELO, or "iam.notreally.microsoft.com"? The
> former would be rejected outright because I can't do verification
> lookups on a nonexistent domain, but the second would be a soft fail,
> because you aren't reverse-resolving back to the domain you claim to be?
>
> -PG
>
>
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
More information about the Cialug
mailing list