On 10/03/17 12:44, Viktor Dukhovni wrote:
On Mar 9, 2017, at 8:22 PM, MRob<mro...@insiberia.net> wrote:
So is there any restriction that compares the client IP mapping with the HELO
hostname?
Nothing built-in
Is that a bad idea?
Yes.
Unless the system you're receiving email from publishes a CSA record.
You would need to write a policy daemon to check for the presence of CSA
records, and I don't believe it's widely deployed so it would be of
little benefit. There is also reference to the helo name in SPF
specification, although I believe this is usually as a fallback for
bounces (i.e. apply spf on the helo name when you see mail from:<>) and
I wouldn't be surprised if many sites didn't have their spf records set
up correctly in regards to helo/ehlo.
