On 24/12/22 14:22, raf wrote:
On Fri, Dec 23, 2022 at 09:51:48AM +0400, Samer Afach <samer.af...@msn.com>
wrote:
I see. Thank you for the explanation. So the right way to state this is that
HELO/EHLO requires a valid FQDN/hostname only for MTAs, and for MUAs it's
just ignored because authentication is what matters.
It's only ignored when configured to be ignored.
Perhaps a better way to put it would be like this:
Port 25 MX connections may often times check the HELO hostname, and so
you should have a valid hostname there when you push mail out to other
MTAs or you risk having your mail rejected.
Port 587 (submission) and 465 (submissions) services should not check
the HELO hostname although they technically can be configured to do so,
but any server that does will likely end up rejecting a lot of
legitimate submissions because MUAs usually don't put a valid hostname
there. These services should be using some form of authentication such
as SASL AUTH, or at the very minimum authentication based on client IP
address (although this is recommended only for clients that you must
support which do not support any other form of authentication).
Peter