North American Network Operators Group

Re: RBL-type BGP service for known rogue networks?

  • From: Shawn McMahon
  • Date: Mon Jul 10 11:42:12 2000

On Mon, Jul 10, 2000 at 11:10:35AM -0400, Greg A. Woods wrote:
> 
> However I should have listed the other requirement that I thought was
> self-obvious since we're talking about SMTP here.  I.e. I don't ever
> accept e-mail from anything less than the most strictly conforming SMTP
> implementations.  You're violating part one of RFC 1123 section #5.2.5.
> The name given by your SMTP server in the HELO "MUST" be a canonical
> hostname.  It must not be a CNAME.

Oh, you wanna go there?

5.2.5  HELO Command: RFC-821 Section 3.5
 
         The sender-SMTP MUST ensure that the <domain> parameter in a
         HELO command is a valid principal host domain name for the
         client host.  As a result, the receiver-SMTP will not have to
         perform MX resolution on this name in order to validate the
         HELO parameter.
 
         The HELO receiver MAY verify that the HELO parameter really
         corresponds to the IP address of the sender.  However, the
         receiver MUST NOT refuse to accept a message, even if the
         sender's HELO command fails verification.



Hmm. MUST NOT refuse.  Who's violating the RFC here, again?


*ANYBODY* using sendmail from a dynamic IP is either going to do this, or
worse.  RFC 1123 requires you to live with it.

If you choose not to, don't wave the damn RFC around like a magic shield.

CNAMEs are "valid principal host domain name[s]".  Nothing in the RFC
says it can't be a CNAME, but something in the RFC says you have to accept
it even if it's flat-out wrong or a lie.

Your thin ice just cracked, Greg.  Admit you're wrong and get on with your
life.


You're not running an RFC 1123-compliant mail setup at present.

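
The RFC 1123 section 5.2.5 text quoted in the message above, sketched as receiver-side logic (an added example, not part of the original post or of any mail server's code): it checks the HELO name against the peer address, following aliases, and records the outcome without ever refusing. The zone data, the `lookup` stub and all function names are constructed for illustration.

```python
import ipaddress

# Constructed DNS data for the example (documentation names and addresses).
SAMPLE_ZONE = {
    ("mail.example.net", "CNAME"): ["host7.dialup.example.net"],
    ("host7.dialup.example.net", "A"): ["192.0.2.17"],
    ("mx.example.org", "A"): ["198.51.100.5"],
}

def lookup(zone, name, rtype):
    """Hypothetical resolver stub: return the record list, or [] if absent."""
    return zone.get((name.lower().rstrip("."), rtype), [])

def resolve_helo(zone, name, max_chain=8):
    """Follow CNAMEs from the HELO name; return (addresses, alias_seen)."""
    alias_seen = False
    seen = set()
    for _ in range(max_chain):
        key = name.lower().rstrip(".")
        if key in seen:              # CNAME loop: treat as unresolvable
            return [], alias_seen
        seen.add(key)
        target = lookup(zone, key, "CNAME")
        if not target:
            return lookup(zone, key, "A"), alias_seen
        alias_seen = True
        name = target[0]
    return [], alias_seen            # alias chain too long

def check_helo(zone, helo_name, peer_ip):
    """Verify HELO against the peer address; the action is always 'accept'."""
    peer = ipaddress.ip_address(peer_ip)
    addrs, alias = resolve_helo(zone, helo_name)
    if not addrs:
        result = "unresolvable"
    elif any(ipaddress.ip_address(a) == peer for a in addrs):
        result = "match"
    else:
        result = "mismatch"
    # Section 5.2.5: the receiver MAY verify, but MUST NOT refuse on failure,
    # so the outcome is only recorded (for a log line or trace comment).
    trace = (f"helo={helo_name} peer={peer} helo-check={result} "
             f"alias={'yes' if alias else 'no'}")
    return {"action": "accept", "result": result, "alias": alias, "trace": trace}
```
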