On Mon, 03 Aug 2009 12:18:53 +0200, Willy De la Court <w...@linux-lovers.be>
wrote:
> On Mon, 03 Aug 2009 11:14:10 +0200, Robin Smidsrød <ro...@smidsrod.no>
> wrote:
>> I read John Peach's response to a mail regarding the Postfix option to
>> reject non-FQDN HELO transactions.
>> 
>> http://www.irbs.net/internet/postfix/0302/0183.html
>> 
>> He states that Joris Benschop is correct in that email.
>> 
>> I was scanning through RFC 821 (and also through RFC2821 which has
>> superseded it) and I cannot find the quote referenced in the message
>> above in either of those documents.
>> 
>> Where can I find an official reference which validates what he stated in
>> the message above?
>> 
>> As far as I can tell, section 5.2.5 does not exist in RFC821 and
>> section 3.5 does not contain the quote specified in the above mentioned
>> message.
>> 
>> I used these references to verify the content of the RFCs.
>> 
>> http://www.ietf.org/rfc/rfc821.txt
>> http://www.ietf.org/rfc/rfc2821.txt
>> http://www.faqs.org/rfcs/rfc821.html
>> http://www.faqs.org/rfcs/rfc2821.html
> 
> rfc2821 contains the following
> 
>  -  the clarifications and applicability statements in RFC 1123 [2],
> 
> and rfc1123
> 
> http://www.freesoft.org/CIE/RFC/1123/index.htm
> 
> contains 
> 
> http://www.freesoft.org/CIE/RFC/1123/90.htm
> 
> where it states
> 
>  The sender-SMTP MUST ensure that the <domain> parameter in a HELO command
> is a valid principal host domain name for the client host. As a result, the
> receiver-SMTP will not have to perform MX resolution on this name in order
> to validate the HELO parameter.
> 
>  The HELO receiver MAY verify that the HELO parameter really corresponds to
> the IP address of the sender. However, the receiver MUST NOT refuse to
> accept a message, even if the sender's HELO command fails verification.
> 
> 
> So it seems it's not allowed to refuse msgs when the HELO is incorrect.
> 

and this I found in the rfc2821

   If the EHLO command is not acceptable to the SMTP server, 501, 500,
   or 502 failure replies MUST be returned as appropriate.  The SMTP
   server MUST stay in the same state after transmitting these replies
   that it was in before the EHLO was received.

   The SMTP client MUST, if possible, ensure that the domain parameter
   to the EHLO command is a valid principal host name (not a CNAME or MX
   name) for its host.  If this is not possible (e.g., when the client's
   address is dynamically assigned and the client does not have an
   obvious name), an address literal SHOULD be substituted for the
   domain name and supplemental information provided that will assist in
   identifying the client.

   An SMTP server MAY verify that the domain name parameter in the EHLO
   command actually corresponds to the IP address of the client.
   However, the server MUST NOT refuse to accept a message for this
   reason if the verification fails: the information about verification
   failure is for logging and tracing only.

and the same for the EHLO

>> 
>> The main.cf options I'm referring to are these:
>> 
>> http://www.postfix.org/postconf.5.html#reject_non_fqdn_helo_hostname
>> http://www.postfix.org/postconf.5.html#reject_unknown_helo_hostname
>> 
>> Apparently RFC2821 also allows IP-address syntax (see section 4.1.1.1).
>> 
>> Can someone enlighten me as to what is actually correct behaviour
>> according to RFC?
>> 
>> Regards,
>> Robin Smidsrød

-- 
Simple things make people happy.
Willy De la Court
PGP Public Key at http://www.linux-lovers.be/download/public_key.asc
PGP Key fingerprint = 784E E18F 7F85 9C7C AC1A D5FB FE08 686C 37C7 A689
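
Added example (not part of the messages above, and not Postfix code): Python that separates the syntactic check on a HELO/EHLO argument from the optional verification against the client address, which the RFC 2821 text quoted in the thread makes log-only. The function names, the `reject_non_fqdn` flag, the resolver callback and the sample DNS table are assumptions made for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Constructed sample data standing in for DNS, so the example runs offline.
SAMPLE_DNS = {"mail.example.com": {"192.0.2.10"}}

def sample_resolve(name):
    return SAMPLE_DNS.get(name, set())

def literal_ip(arg):
    """Parse '[192.0.2.1]' or '[IPv6:2001:db8::1]'; None if not a valid literal."""
    body, want = arg[1:-1], 4
    if body.lower().startswith("ipv6:"):
        body, want = body[5:], 6
    try:
        ip = ipaddress.ip_address(body)
    except ValueError:
        return None
    return ip if ip.version == want else None

def classify_helo(arg):
    """Syntactic form only: fqdn, non-fqdn, address-literal or invalid."""
    if arg.startswith("[") and arg.endswith("]"):
        return "address-literal" if literal_ip(arg) is not None else "invalid"
    labels = arg.split(".")
    if labels[-1].isdigit() or not all(LABEL.match(l) for l in labels):
        return "invalid"  # bare IP without brackets, or malformed name
    return "fqdn" if len(labels) > 1 else "non-fqdn"

def check_helo(arg, client_ip, resolve, reject_non_fqdn=False):
    """Return (reply_code, log_note) for a HELO/EHLO argument."""
    form = classify_helo(arg)
    # Syntax the server does not accept gets a 501 failure reply.
    if form == "invalid" or (form == "non-fqdn" and reject_non_fqdn):
        return 501, f"HELO argument not acceptable: {form}"
    if form == "address-literal":
        claimed = {literal_ip(arg)}
    else:
        claimed = {ipaddress.ip_address(a) for a in resolve(arg)}
    if ipaddress.ip_address(client_ip) not in claimed:
        # Verification failure is recorded for logging and tracing, not refused.
        return 250, f"HELO mismatch: {arg} does not map to {client_ip}"
    return 250, "HELO verified"
```

With `reject_non_fqdn=False` a bare name such as `localhost` is accepted and only logged as a mismatch; setting it to `True` turns the purely syntactic finding into a 501.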
