On 2011-04-01 23:51:39 +0200, mouss wrote:
> we're not asking them to resolve their hostname. we're only asking them
> to use a "real" name. it's as easy as
> myhostname = joe.example.com
>
> with a "joe.example.com" that exists in DNS.

But the purpose of having a host in DNS is to be able to resolve it. I mean: you can't have a real hostname in the DNS if it is on a private network (unreachable because of NAT), can you? Well... I'm not sure. See below.

> I don't use reject_unknown_helo_hostname. however, I watch my dog^W log,
> and I blocklist an IP that uses a "dumb" helo if it ever gets under my
> attention (mostly in the case of a rejection such as "user unknown", but
> also if spam filter says it is probably spam...).

Using a private IP (which doesn't even break a SHOULD in the RFCs) is IMHO as dumb as a hostname that isn't in DNS.

> let me state this differently:
>
> - there are people who are cooperative. they do everything to look good.
> they work "with us". these people are welcome, and if we ever block
> them, we'll apologize and whitelist them on demand
>
> - there are the "uncooperative" people. most of these don't know how
> smtp works. we will happily accept their mail as long as it goes to
> valid recipients and is not caught by filters. as soon as they trigger a
> filter (including "user unknown"), there is no mercy.

IMHO, that's fine.

> if you have a dynamic IP, it is still a good idea to use a "static"
> helo. even if it doesn't resolve to your IP. I know some other people
> may say the opposite (require helo to resolve to IP),

Well, this doesn't make sense since a machine can have several IP addresses (e.g. because it has several physical or virtual interfaces and one doesn't necessarily know which one will be used).

Now, the question is more: if the hostname is resolved, should it necessarily correspond to the machine? More precisely, if I use host-for-smtp-only.mydomain.tld, which resolves to 127.0.0.1 (the IP address should not be used to contact the machine anyway), is it OK? Note: this hostname would be used *only* for EHLO. So, there's no risk for other protocols.

> but I won't go that far (I accept mail from dynamic IPs if the
> "owner" does some efforts...).

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Arénaire project (LIP, ENS-Lyon)
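
Added example, not part of the original message or of Postfix: a receiver-side sketch that labels the EHLO cases discussed in this thread (private address literal, name missing from DNS, name that resolves to 127.0.0.1, name that does not match the connecting IP). The function name, the labels and the `SAMPLE_DNS` table are assumptions made for illustration; the table is constructed, models A records only, and stands in for a real resolver.

```python
import ipaddress
import re

# Constructed stand-in for DNS (A records only) so the example runs offline.
SAMPLE_DNS = {
    "joe.example.com": ["192.0.2.25"],
    "host-for-smtp-only.mydomain.tld": ["127.0.0.1"],
}
# Loopback and RFC 1918 ranges: addresses a remote receiver cannot reach.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LITERAL = re.compile(r"^\[(\d{1,3}(?:\.\d{1,3}){3})\]$")  # IPv4 literal only


def non_public(addr):
    return any(addr in net for net in NON_PUBLIC)


def classify_helo(helo, client_ip, dns=SAMPLE_DNS):
    """Return the set of labels a receiver could attach to an EHLO argument."""
    labels = set()
    m = LITERAL.match(helo)
    if m:
        labels.add("address-literal")
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            return labels | {"malformed-literal"}
        if non_public(addr):
            labels.add("non-public-literal")
        return labels
    name = helo.rstrip(".").lower()
    if "." not in name:
        labels.add("not-fqdn")
    addrs = [ipaddress.ip_address(a) for a in dns.get(name, [])]
    if not addrs:
        return labels | {"unknown-in-dns"}
    if all(non_public(a) for a in addrs):
        labels.add("resolves-non-public")
    if ipaddress.ip_address(client_ip) not in addrs:
        labels.add("does-not-match-client")
    return labels


if __name__ == "__main__":
    for helo in ("joe.example.com", "host-for-smtp-only.mydomain.tld",
                 "[192.168.1.10]", "localhost"):
        print(helo, sorted(classify_helo(helo, "198.51.100.7")))
```

In this sketch a check that only asks whether the name exists in DNS accepts the loopback name, while a check that requires the name to match the client address does not; the labels keep the two policies separate.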