On 18 Nov 2019, at 8:55, Gregory Heytings wrote:

> Hi,
>
>> I know it’s an RFC violation, but I see no email that is delivered with a bare IP helo that is legitimate.
>
> That might be your experience, but RFC 2821 (3.6) and RFC 5321 (2.3.5 and 4.1.4) explicitly state that an address literal can be used after HELO/EHLO. So it's an RFC violation to reject mail for that sole reason.
>
>> How much legitimate mail do you get with an IP helo?
>
> Two other users replied to your question. For real-world mail servers, my experience is that the only safe restriction (safe = no false positives) is "reject_unknown_reverse_client_hostname".

Irrelevant to HELO argument filtering.

> With other restrictions, your users will never receive emails from administrations, schools, hospitals, etc., not even in their spam box.

Rejecting mail is a far better choice than delivering to a 'spam box' since most users never bother looking there for anything. Rejections at least stand some chance of making enough noise on the sender side to get misconfigurations fixed.

FWIW, across multiple mail systems and decades, I have never needed to exempt external sources from a requirement that a HELO/EHLO argument must contain letters and do not recall ever seeing a legitimate mail source using an IP literal or bare IP in HELO/EHLO in cases where such a restriction was impossible. Obviously your mail stream may differ, particularly if you accommodate submission on port 25.



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
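
An added example, not part of the message above and not Postfix code: a Python classifier that separates the bracketed address literal RFC 5321 permits from a bare IP, then tallies which HELO/EHLO forms a letters-only check would refuse. `lacks_letters` is one assumed literal reading of the "must contain letters" restriction, and the sample arguments are constructed.

```python
import ipaddress
import re
from collections import Counter

# RFC 5321 address literal: "[" IPv4 "]" or "[IPv6:" IPv6 "]".
_LITERAL = re.compile(r"^\[(?:(IPv6):)?([^\[\]]+)\]$", re.IGNORECASE)
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def _ip_version(text):
    try:
        return ipaddress.ip_address(text).version
    except ValueError:
        return None

def classify_helo(arg):
    """Return address-literal, bare-ip, fqdn, single-label or malformed."""
    m = _LITERAL.match(arg)
    if m:
        tagged_v6, version = m.group(1) is not None, _ip_version(m.group(2))
        # The "IPv6:" tag must agree with the address family.
        if (version == 6 and tagged_v6) or (version == 4 and not tagged_v6):
            return "address-literal"
        return "malformed"
    if _ip_version(arg) is not None:
        return "bare-ip"  # no brackets, so not the literal syntax the RFCs allow
    labels = arg.rstrip(".").split(".")
    if all(_LABEL.match(label) for label in labels):
        return "fqdn" if len(labels) > 1 else "single-label"
    return "malformed"

def lacks_letters(arg):
    """Assumed literal reading of 'must contain letters' (not a real Postfix check)."""
    return re.search(r"[A-Za-z]", arg) is None

def survey(helo_args):
    """Count HELO forms seen and how many of each a letters-only rule would refuse."""
    seen, refused = Counter(), Counter()
    for arg in helo_args:
        kind = classify_helo(arg)
        seen[kind] += 1
        if lacks_letters(arg):
            refused[kind] += 1
    return seen, refused

# Constructed sample of HELO/EHLO arguments (documentation address ranges only).
SAMPLE = ["mail.example.org", "[192.0.2.10]", "192.0.2.10",
          "[IPv6:2001:db8::1]", "[2001:db8::1]", "localhost", "user_pc"]
```

Running `survey` over HELO arguments collected from your own logs shows how much of the mail stream falls in each class before a restriction is enabled. On the sample, a plain letter test refuses the IPv4 literal and the bare IP but lets the IPv6 literal through because of its hex digits and tag.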
