>
>
>On 3/9/2005 3:29 PM, List Mail User wrote:
>
>>> See section 3.6 of RFC 2821:
>>>
>>> | - The domain name given in the EHLO command MUST BE either a
>>> primary | host name (a domain name that resolves to an A RR) or,
>>> if the host | has no name, an address literal as described in
>>> section 4.1.1.1.
>
>> 3.6 Domains
>
>> used. There are two exceptions to the rule requiring FQDNs: ..."
>>
>> Nothing in either the section you have quoted, or the one I have allows
>> a hostname which is not a FQDN to be used.
>
>see the first "exception", which is the text I cited above.
>
>>> Technically, addresses that are NOT enclosed in brackets are illegal,
>>> but those are the only ones that SA sniffs out currently.
>>
>> Of course, my machines just refuse these during the SMTP conversation,
>
>Many do.
>
>BTW, postfix has similar problems wrt literals. For example, if postfix
>gets a regular address (non-literal) in the HELO, it will split the
>address into octets and do lookups for PERMIT/REJECT ACLs on incrementally
>smaller sets, which is all very nice. But if it finds a literal, it
>doesn't parse for the address inside, and treats the literal like a domain
>name. Another bug here is that the strict-syntax checks in postfix don't
>match against non-literal addresses, which it should (RFC1123 spells out
>what is a valid hostname, and all-numerics is clearly not legal).
>
>> Please be careful and check the definitions and references in each
>> document
>
>indeed
>
>--
>Eric A. Hall http://www.ehsco.com/
>Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
>
Postfix option "reject_invalid_hostname" will reject bare
IPs (when used in the "smtpd_helo_restrictions" section of main.cf).
Paul Shupak
[EMAIL PROTECTED]
P.S. I see hundreds of connection attempts rejected every day becuase of this.
