My primary outbound relay cluster connects through a load balancer NAT, so when 
it gives "helo host1.services.domain.tld" it actually reverses to the hostname 
assigned to the load balancer (relay.domain.tld).  There are multiple nodes 
that all look up with the single NAT IP when connecting outbound.


RobertC


(Sorry for top-posting, I can't find any options in Outlook Web to change the 
reply thread settings!)


________________________________
From: owner-postfix-us...@postfix.org <owner-postfix-us...@postfix.org> on 
behalf of Viktor Dukhovni <postfix-us...@dukhovni.org>
Sent: Wednesday, February 10, 2021 18:39
To: postfix-users@postfix.org
Subject: Re: client and ehlo hostname mismatch

> On Feb 10, 2021, at 9:38 PM, Eugene Podshivalov <yauge...@gmail.com> wrote:
>
> Are there any wise cases for a legitimate client to provide a valid ehlo
> hostname (which maps to some address) but that address will differ from
> the address it connects from?

I don't know about "wise", but this is not uncommon.

As an example of a less blatant mismatch, today I received a legitimate
newsletter from Cornell:

  Received: from mm.list.cornell.edu (vs-01.mm.list.cornell.edu [128.253.150.167])

The EHLO name resolves to the same IP as the connecting client, but
the PTR is a variant of that name.

Here's the sort of mismatch you're asking about:

  Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2072c.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe5a::72c])

The EHLO name (presently) resolves to:

        $ getent hosts NAM12-MW2-obe.outbound.protection.outlook.com
        2a01:111:f400:fe5a::200 NAM12-MW2-obe.outbound.protection.outlook.com

        $ getent hosts mail-mw2nam12on2072c.outbound.protection.outlook.com
        2a01:111:f400:fe5a::72c mail-mw2nam12on2072c.outbound.protection.outlook.com

        $ getent hosts 2a01:111:f400:fe5a::72c
        2a01:111:f400:fe5a::72c mail-mw2nam12on2072c.outbound.protection.outlook.com

--
        Viktor.
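
The cases discussed in this thread, as an added example that is not part of either message: a receiver-side classifier that compares the client address, its PTR name and the EHLO name, and shows that all three legitimate senders above would fail a strict "EHLO must map to the client" test. The function names, the status labels, the lookup table standing in for DNS, and the addresses 192.0.2.10 and 10.0.0.11 for the NAT case are assumptions made for the illustration.

```python
import ipaddress

def classify(client_ip, ehlo, forward, reverse):
    """Relate an SMTP client's EHLO name to its address and PTR name(s).
    forward(name) -> address strings; reverse(ip) -> PTR names.
    Returns (ehlo_status, fcrdns_ok)."""
    norm = lambda name: name.rstrip(".").lower()   # DNS names are case-insensitive
    addrs = lambda name: {ipaddress.ip_address(a) for a in forward(norm(name))}
    ip = ipaddress.ip_address(client_ip)
    # Forward-confirmed reverse DNS: PTR names that resolve back to the client.
    confirmed = {norm(n) for n in reverse(client_ip) if ip in addrs(n)}
    ehlo_ips = addrs(ehlo)
    if not ehlo_ips:
        status = "ehlo-unresolvable"
    elif norm(ehlo) in confirmed:
        status = "match"
    elif ip in ehlo_ips:
        status = "ptr-variant"      # EHLO maps to the client, PTR is another name
    else:
        status = "ehlo-elsewhere"   # EHLO is valid but maps to a different address
    return status, bool(confirmed)

# Lookup table standing in for DNS so the example runs offline.
A = {
    "mm.list.cornell.edu": ["128.253.150.167"],          # stated in the thread
    "vs-01.mm.list.cornell.edu": ["128.253.150.167"],    # assumed forward record
    "nam12-mw2-obe.outbound.protection.outlook.com": ["2a01:111:f400:fe5a::200"],
    "mail-mw2nam12on2072c.outbound.protection.outlook.com": ["2a01:111:f400:fe5a::72c"],
    "relay.domain.tld": ["192.0.2.10"],                  # constructed NAT address
    "host1.services.domain.tld": ["10.0.0.11"],          # constructed internal address
}
PTR = {
    "128.253.150.167": ["vs-01.mm.list.cornell.edu"],
    "2a01:111:f400:fe5a::72c": ["mail-mw2nam12on2072c.outbound.protection.outlook.com"],
    "192.0.2.10": ["relay.domain.tld"],
}
forward = lambda name: A.get(name, [])
reverse = lambda ip: PTR.get(ip, [])

CASES = {
    "cornell": ("128.253.150.167", "mm.list.cornell.edu"),
    "outlook": ("2a01:111:f400:fe5a::72c", "NAM12-MW2-obe.outbound.protection.outlook.com"),
    "nat-relay": ("192.0.2.10", "host1.services.domain.tld"),
}

def report():
    """Classify every sample case; returns {label: (ehlo_status, fcrdns_ok)}."""
    return {k: classify(ip, ehlo, forward, reverse) for k, (ip, ehlo) in CASES.items()}

if __name__ == "__main__":
    for label, result in report().items():
        print(label, result)
```

In every sample the client passes forward-confirmed reverse DNS while the EHLO name does not line up with it, which is why the EHLO status is better treated as a scoring signal than as a reject condition.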
