OOT: Mail rejected with bogus helo

mikea mikea at mikea.ath.cx
Thu Apr 17 19:00:45 IST 2008


On Thu, Apr 17, 2008 at 12:59:52PM -0400, Matt Kettler wrote:
> Glenn Steen wrote:
> 
> >
> >> Also, this thread is about using an IP as a HELO, which is NOT a malformed
> >> HELO per the RFCs. Therefore it is still against the RFCs to refuse mail
> >> because the HELO is an IP address.
> >Are you thinking "a plain word that looks like an IP address" then?
> >Cause I'm pretty sure (boy am I going to get it... Haven't reread the
> >exact wording:-) that the demand is for IP address literals, like
> >Steve points out, not a domain name looking like an IP address...
> >Oh well.
> 
> Erm, I'm not sure what difference you're implying exists between "a plain 
> word that looks like an IP address" and an "IP address literal". I'm also 
> not sure what you mean by "a domain name looking like an IP address".

> The HELO string in question was "10.10.16.24", sans quotes, which matches 
> RFC2821's definition of IPv4-address-literal in section 4.1.3, which is in 
> turn a sub-type of address-literal in 4.1.2. This makes it 100% valid 
> syntactically.

With respect, I have to differ with you. This point arises from time 
to time on other lists, and I had to be educated about it myself. 

<mode "rules-lawyer">

It's precisely the difference between "[10.10.16.24]" and "10.10.16.24",
and the semantics associated with those differences in the text of the 
RFC. 

"10.10.16.24", sans quotes, does not match RFC2821's definition of 
IPv4-address literal in section 4.1.3, because it is not enclosed in 
brackets ("[]"), as required by section 4.1.3: 

: 4.1.3 Address Literals
: 
:    Sometimes a host is not known to the domain name system and
:    communication (and, in particular, communication to report and repair
:    the error) is blocked.  To bypass this barrier a special literal form
:    of the address is allowed as an alternative to a domain name.  For
:    IPv4 addresses, this form uses four small decimal integers separated
:    by dots and enclosed by brackets such as [123.255.37.2], which
:    indicates an (IPv4) Internet Address in sequence-of-octets form.

Instead, "10.10.16.24", sans quotes, is a domain name with a Top-Level
Domain "24", just as "foo.example.com" is a domain name with Top-Level
Domain "com". See section 2.3.5, and the BNF definition of "Domain" in
section 4.1.2, of RFC2821.

> Of course, exposing a non-routable IP as a HELO is obviously bogus 
> information, but it is not syntactically invalid. Thus, blocking based on 
> it is technically against the RFCs. However, I'd expect some sites will 
> block this, since the information presented is obviously invalid.

Au contraire, it is syntactically invalid because the brackets, which
are required, are absent: "[10.10.16.24]" is syntactically valid as an 
address literal, while "10.10.16.24" is not -- sans quotes in both 
cases, of course. 

</mode>

To put it in the mildest of terms, I agree that it is not good practice
to expose as a HELO a non-routable IP written as an address literal, but
that's not what I'm blocking on at my shop.

-- 
Mike Andrews, W5EGO
mikea at mikea.ath.cx
Tired old sysadmin 
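
Added example, not part of the original message or of MailScanner: a small classifier for a HELO argument following the Domain and IPv4-address-literal productions of RFC 2821 section 4.1.2, showing how the bracketed and unbracketed forms discussed above parse differently. The function name and the category labels are hypothetical, and IPv6 and general address literals are not parsed.

```python
import re

# RFC 2821 section 4.1.2:
#   Domain     = (sub-domain 1*("." sub-domain)) / address-literal
#   sub-domain = Let-dig [Ldh-str]
#   IPv4-address-literal = Snum 3("." Snum), with Snum in 0..255
SUB_DOMAIN = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
DOMAIN_RE = re.compile(rf"{SUB_DOMAIN}(?:\.{SUB_DOMAIN})+")
QUAD_RE = re.compile(r"[0-9]{1,3}(?:\.[0-9]{1,3}){3}")


def _is_dotted_quad(text):
    """True if text is four decimal integers 0..255 separated by dots."""
    if not QUAD_RE.fullmatch(text):
        return False
    return all(int(part) <= 255 for part in text.split("."))


def classify_helo(arg):
    """Classify a HELO/EHLO argument (hypothetical labels, see lead-in)."""
    if arg.startswith("[") and arg.endswith("]"):
        # Bracketed form: the only place an address literal is allowed.
        if _is_dotted_quad(arg[1:-1]):
            return "ipv4-address-literal"
        return "non-ipv4-literal"  # IPv6/general literals are not parsed here
    if _is_dotted_quad(arg):
        # No brackets: not an address literal. It only fits the Domain
        # production, with the last octet as the rightmost label.
        return "bare-dotted-quad"
    if DOMAIN_RE.fullmatch(arg):
        return "domain"
    return "invalid"


if __name__ == "__main__":
    # Constructed sample inputs; the first two are the strings from the thread.
    for helo in ["10.10.16.24", "[10.10.16.24]", "foo.example.com",
                 "[123.255.37.2]", "bad_host.example"]:
        print(f"{helo!r:22} -> {classify_helo(helo)}")
```
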
