OOT: Mail rejected with bogus helo

Peter Farrow peter at farrows.org
Thu Apr 17 23:57:21 IST 2008

Matt Kettler wrote:
> Glenn Steen wrote:
>>>  Also, this thread is about using an IP as a HELO, which is NOT a 
>>> malformed
>>> HELO per the RFCs. Therefore it is still against the RFCs to refuse 
>>> mail
>>> because the HELO is an IP address.
>> Are you thinking "a plain word that looks like an IP address" then?
>> Cause I'm pretty sure (boy am I going to get it... Haven't reread the
>> exact wording:-) that the demand is for Ip address literals, like
>> Steve points out, not a domain name looking like an IP address...
>> Oh well.
> Erm, I'm not sure what difference you're implying exists between "a 
> plain word that looks like an IP address" and an "IP address literal". 
> I'm also not sure what you mean by "a domain name looking like an IP 
> address".
> The HELO string in question was "", sans quotes, which 
> matches RFC2821's definition of IPv4-address-literal in section 4.1.3, 
> which is in turn a sub-type of address-literal in 4.1.2. This makes it 
> 100% valid syntactically.
> Of course, exposing a non-routable IP as a HELO is obviously bogus 
> information, but it is not syntactically invalid. Thus, blocking based 
> on it is technically against the RFCs. However, I'd expect some sites 
> will block this, since the information presented is obviously invalid.
Matt has touched on what I said earlier here and I think Matts summary 
is most succinct and right on the money.  Its not valid RFC form to 
explicitly reject based on this type of  helo, but to send such an 
obviously bogus helo is really asking for trouble.  You would not get 
past my main servers with this type of helo, and it could be very simple 
to correct.   I would, in short, save yourself all the bother and just 
send a properly constructed helo that is recognisable anywhere (i.e. not 
constructed from anything in RFC1597) and definately not something like 
"localhost"  ;-)



More information about the MailScanner mailing list