[Maybe OT] - RFC compliance checking at session

Rick Cooper rcooper at dwford.com
Fri Feb 29 21:36:43 GMT 2008 

 

 > -----Original Message-----
 > From: mailscanner-bounces at lists.mailscanner.info 
 > [mailto:mailscanner-bounces at lists.mailscanner.info] On 
 > Behalf Of Richard Frovarp
 > Sent: Friday, February 29, 2008 3:49 PM
 > To: MailScanner discussion
 > Subject: Re: [Maybe OT] - RFC compliance checking at session
 > 
 > Rick Cooper wrote:
 > >
 > >     
 > -------------------------------------------------------------
 > -----------
 > >     *From:* mailscanner-bounces at lists.mailscanner.info
 > >     [mailto:mailscanner-bounces at lists.mailscanner.info] 
 > *On Behalf Of
 > >     *Hostmaster
 > >     *Sent:* Friday, February 29, 2008 10:06 AM
 > >     *To:* MailScanner discussion
 > >     *Subject:* [Maybe OT] - RFC compliance checking at session
[...]
 >
 > >     I also run Exim and I have a !hosts =
 > >     /ListOfDickHeadsIHaveToAccept before each compliance check
 > >     condition. For instance a Zurich subsidiary that helo'd as
 > >     something_stupid.local, no RDNS, they did about everything but
 > >     spit on the RFCs and we had to have thier mail. I put 
 > them in the
 > >     list, inform the maintainers and remove them after 90 
 > days and see
 > >     what happens. The file can be just a flat text file in 
 > the format of
 > >
 > >     10.10.10.10 # Remove in April
 > >
 > >     10.10.10.1 # Remove In May
 > >
 > >     They do not, of course, get a pass around virus, 
 > attachment, etc
 > >     checking, just compliance checks.
 > >
 > >     Rick
 > >
 > 
 > I thought that rejecting on helo alone was against the RFCs.
 
I admit that rejecting on helo alone is a violation and I thought about it
long and hard before implementing. RFC 821 was written in, I believe, 1984
and the world has changed. In 1984 spam was a nasty kind of meat (except of
course in Hawaii where it's primo food). 821 clearly states a MUST ensure
the domain parameter is a valid principle domain name for the client host.
It then states the receiver MUST NOT refuse if the helo validation fails and
then has a note that the helo argument must still have a valid domain syntax
otherwise a 501 error is to be sent. And of course later RFCs state that if
a host doesn't have a valid FQDN the dotted quad IP should be sent inside
square brackets in the form of [xxx.xxx.xxx.xxx]. 

That is just to obtuse and in today's world it doesn't make sense. RFC 821
even states the suggested procedure to use when a helo is invalid is to
insert a note in the message header and gives the received header as an
example. Now according to RFC 821 if I am MX mail.somedomain.com and I
reside at IP 10.10.10.1 and a host residing at 10.9.1.1 helos as
mail.somedomain.com I should accept the message even though this is
*clearly* an attempt to circumvent security... I just don't buy that. In
fact if you helo as any host from any domain under our company control and
your IP places you outside any of the associated IPS I will drop the session
right there as well. So yes, I am sorry to say that is one RFC section I
will violate. But if I can validate any part of the helo, I will accept the
message. But sans RDNS, heloing as BILLS_ROOM.local is getting the door
slammed for sure. You give a proper helo, have something like proper DNS and
even if you are a host on comcast's dynamic pool you will get past the helo,
probably won't get very far past it but you will get past it.

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list