>> >> RFC2821 Section 4.1.4 >> "... >> The SMTP client MUST, if possible, ensure that the domain parameter >> to the EHLO command is a valid principal host name (not a CNAME or MX >> name) for its host. If this is not possible (e.g., when the client's >> address is dynamically assigned and the client does not have an >> obvious name), an address literal SHOULD be substituted for the >> domain name and supplemental information provided that will assist in >> identifying the client. >> >> An SMTP server MAY verify that the domain name parameter in the EHLO >> command actually corresponds to the IP address of the client. >> However, the server MUST NOT refuse to accept a message for this >> reason if the verification fails: the information about verification >> failure is for logging and tracing only. >> ..." >> Now, these are the rules....
However, I still believe it is perfectly legal to refuse mail if - the HELO matches my own MX, or lists one of my IPs or - the MAIL FROM pretends to be one of my users I am currently refusing this stuff at the MTA level and suggest to authenticate (my own users would do that, if they use the server to send mails to each other) So far the only exception is ebay processing where an ebay server tries to send mail FROM a valid user on the system TO the same user (and perhaps to others) Wolfgang Hamann
