On Wednesday 21 February 2007 14:09, Les Mikesell wrote:
> Nick Leverton wrote:
> > I'm not sure which part of RFC 2821 you're referring to when you talk
> > about "breaking SMTP" in the context of rDNS checking.
>
> 4.1.4
> "An SMTP server may verify that the domain name parameter in the EHLO
> command actually corresponds to the IP address of the client. However,
> the server must not refuse to accept a message for this reason if the
> verification fails: the information about verification failure is for
> logging and tracing only."
>
> Note the "MUST NOT refuse" if the sender IP check fails. It recognizes
> that many hosts are multi-homed (and these days, behind NAT) and there
> is no reason to expect/require a correspondence between a DNS name and
> the sending IP.

Thanks for the pointer. I think though that that's saying you mustn't reject the connection just because the IP address doesn't match the forward-DNS for the HELO name. I could, with a bit of loose parsing, also read it as a prohibition on rejecting when rDNS name doesn't match the HELO name, but neither of those is what I was (attempting to!) discuss. I was under the impression we were discussing rejections on no rDNS at all, so apologies if I wasn't following the right bit of the thread closely enough.

Nick
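
Added example, not part of the original message or of any mail server's code: the three checks named in this exchange (HELO name's forward DNS against the client IP, rDNS name against the HELO name, and presence of any rDNS) evaluated separately, with each failure turned into a trace line and no accept/reject decision made. The function names, the log format and the sample DNS data are assumptions constructed for illustration.

```python
import ipaddress
import socket

def lookup_ptr(ip):
    """PTR names for ip from the system resolver; [] when there is no rDNS."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except (socket.herror, socket.gaierror):
        return []

def lookup_addrs(name):
    """Addresses that name resolves to; [] when it does not resolve."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def norm(name):
    # DNS names compare case-insensitively and may carry a trailing dot.
    return name.rstrip(".").lower()

def check_client(ip, helo, ptr=lookup_ptr, addrs=lookup_addrs):
    """Evaluate the three checks from the thread independently of each other."""
    client = ipaddress.ip_address(ip)
    ptr_names = [norm(n) for n in ptr(ip)]
    return {
        # HELO/EHLO name's forward DNS vs. client IP (the quoted 4.1.4 check)
        "helo_resolves_to_ip": any(ipaddress.ip_address(a) == client
                                   for a in addrs(norm(helo))),
        # rDNS name vs. HELO name
        "rdns_matches_helo": norm(helo) in ptr_names,
        # any rDNS at all
        "has_rdns": bool(ptr_names),
    }

def trace_lines(ip, helo, result):
    """One log line per failed check; policy is left to the caller."""
    return [f"{c}=fail client={ip} helo={helo}" for c, ok in result.items() if not ok]

# Constructed sample data (documentation address ranges), standing in for DNS.
PTR = {"192.0.2.10": ["mail.example.org."], "192.0.2.20": ["nat-gw.example.net."]}
A = {"mail.example.org": ["192.0.2.10"], "inside.example.net": ["198.51.100.5"]}

def sample(ip, helo):
    return check_client(ip, helo, ptr=lambda i: PTR.get(i, []),
                        addrs=lambda n: A.get(n, []))

if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.org"),
                     ("192.0.2.20", "inside.example.net"),
                     ("203.0.113.7", "MAIL.example.org")]:
        print(ip, helo, trace_lines(ip, helo, sample(ip, helo)))
```

The second sample client is a host behind NAT with rDNS that fails both HELO comparisons; the third has no rDNS at all, which is the separate case the reply says it was about.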
