OOT: Mail rejected with bogus helo

mikea mikea at mikea.ath.cx
Thu Apr 17 19:00:45 IST 2008

On Thu, Apr 17, 2008 at 12:59:52PM -0400, Matt Kettler wrote:
> Glenn Steen wrote:
> >
> >> Also, this thread is about using an IP as a HELO, which is NOT a 
> >> malformed
> >>HELO per the RFCs. Therefore it is still against the RFCs to refuse mail
> >>because the HELO is an IP address.
> >Are you thinking "a plain word that looks like an IP address" then?
> >Cause I'm pretty sure (boy am I going to get it... Haven't reread the
> >exact wording:-) that the demand is for Ip address literals, like
> >Steve points out, not a domain name looking like an IP address...
> >Oh well.
> Erm, I'm not sure what difference you're implying exists between "a plain 
> word that looks like an IP address" and an "IP address literal". I'm also 
> not sure what you mean by "a domain name looking like an IP address".

> The HELO string in question was "", sans quotes, which matches 
> RFC2821's definition of IPv4-address-literal in section 4.1.3, which is in 
> turn a sub-type of address-literal in 4.1.2. This makes it 100% valid 
> syntactically.

With respect, I have to differ with you. This point arises from time 
to time on other lists, and I had to be educated about it myself. 

<mode "rules-lawyer">

It's precisely the difference between "[]" and "",
and the semantics associated with those differences in the text of the 

"", sans quotes, does not match RFC2821's definition of 
IPv4-address literal in section 4.1.3, because it is not enclosed in 
brackets ("[]"), as required by section 4.1.3: 

: 4.1.3 Address Literals
:    Sometimes a host is not known to the domain name system and
:    communication (and, in particular, communication to report and repair
:    the error) is blocked.  To bypass this barrier a special literal form
:    of the address is allowed as an alternative to a domain name.  For
:    IPv4 addresses, this form uses four small decimal integers separated
:    by dots and enclosed by brackets such as [], which
:    indicates an (IPv4) Internet Address in sequence-of-octets form.

Instead, "", sans quotes, is a domain name with a Top-Level
Domain "24", just as "foo.example.com" is a domain name with Top-Level
Domain "com". See section 2.3.5, and the BNF definition of "Domain" in
section 4.1.2, of RFC2821.

> Of course, exposing a non-routable IP as a HELO is obviously bogus 
> information, but it is not syntactically invalid. Thus, blocking based on 
> it is technically against the RFCs. However, I'd expect some sites will 
> block this, since the information presented is obviously invalid.

Au contraire, it is syntactically invalid because the brackets, which
are required, are absent: "[]" is syntactically valid as an 
address literal, while "" is not -- sans quotes in both 
cases, of course. 


To put it in the mildest of terms, I agree that it is not good practice
to expose as a HELO a non-routable IP written as an address literal. but
that's not what I'm blocking on at my shop.

Mike Andrews, W5EGO
mikea at mikea.ath.cx
Tired old sysadmin 

More information about the MailScanner mailing list