SMTP-HELO clarification

SMTP-HELO clarification

rfc

we've problems with some MTA-admins, who interpret the rfc in
another way than we do.

maybe someone could help to clarify.

rfc 1123, section 5.2.5, page 50f says that the receiver may verify
the HELO-parameter, but MUST NOT refuse acceptance on failure.

rfc 2821 (which updates, but does not obsolete, rfc 1123), section 4.1.1.1,
page 29 describes how HELO has to be used and what the parameter
should look like, but does not explicitly refer to rfc 1123 for how the
parameter-content has to be interpreted.

as we understand the rfc-mechanisms, rfc 2821 doesn't need to refer
explicitly to certain parts of rfc 1123, except when it makes a change
or limit to that rfc.

unfortunately some MTA-admins don't match this and say that rfc
1123 has been updated by rfc 2821 and doesn't repeat the relevant
section, so this won't be valid any more.

(the result is, they reject messages because of HELO/hostname-mismatches)

so, who is right on interpretation of the RFCs?

and: is there any RFC which defines that the FQDN-parameter of the HELO
1. *MUST* match the reverse-mapping of the used IP-address?
2. *MUST* resolve to the used IP-address?

rfc 2821 only says that if no FQDN is available, an address-literal
should be used.

thanks.

best regards

j.
_______________________________________________
rfc-interest mailing list
[hidden email]
https://www.rfc-editor.org/mailman/listinfo/rfc-interest

Re: SMTP-HELO clarification

Viktor Dukhovni-2

> On Sep 18, 2017, at 10:12 AM, [hidden email] wrote:

[ No idea what forum this discussion belongs on, if any,
  but probably [rfc-i] is not it.  If the discussion
  continues, it should probably move to a more appropriate
  list.  For the moment "Reply-To" is still [rfc-i], as I
  don't have a better list at my fingertips. ]

>
> We've problems with some MTA-admins, which interpret the rfc in
> another way, than we do.

They are not interpreting an RFC, they are operating a mail server
in whatever way they think works best for them.  The spam wars
long ago ended any pretense that RFC-compliance is sufficient for
reliable email delivery to all parties.

> Unfortunately some MTA-admins [...] reject messages because of
> HELO/hostname-mismatches

They choose to do so because they don't lose much email they
care about, and believe that this helps them to reject much
email they'd rather refuse.

> so, who is right on interpretation of the RFCs?

That's not the right question, I'm afraid.

> Is there any RFC, which defines, that the FQDN-parameter of the HELO
> 1. *MUST* match the reverse-mapping of the used IP-address?
> 2. *MUST* resolve to the used IP-address?

Not exactly, but close, RFC5321 section 2.3.5 says in part:

   Only resolvable, fully-qualified domain names (FQDNs) are permitted
   when domain names are used in SMTP.  In other words, names that can
   be resolved to MX RRs or address (i.e., A or AAAA) RRs (as discussed
   in Section 5) are permitted, as are CNAME RRs whose targets can be
   resolved, in turn, to MX or address RRs.  Local nicknames or
   unqualified names MUST NOT be used.  There are two exceptions to the
   rule requiring FQDNs:

   o  The domain name given in the EHLO command MUST be either a primary
      host name (a domain name that resolves to an address RR) or, if
      the host has no name, an address literal, as described in
      Section 4.1.3 and discussed further in the EHLO discussion of
      Section 4.1.4.

And section 4.1.4 goes on to say:

   An SMTP server MAY verify that the domain name argument in the EHLO
   command actually corresponds to the IP address of the client.
   However, if the verification fails, the server MUST NOT refuse to
   accept a message on that basis.  Information captured in the
   verification attempt is for logging and tracing purposes.  Note that
   this prohibition applies to the matching of the parameter to its IP
   address only; see Section 7.9 for a more extensive discussion of
   rejecting incoming connections or mail messages.

So the EHLO name, if not an address literal, MUST [at least] be a
real FQDN hostname that resolves to an address, but servers are
SUPPOSED TO NOT reject on the basis of conditions 1 or 2 failing.

However, in real life some servers do that, and may not accept mail
where the EHLO domain is an address literal.  If you want to be able
to deliver email to these domains, you'll need to play by their rules.

--
        Viktor.
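
The distinction drawn in the reply above (the EHLO argument must be a resolvable FQDN or an address literal, while the name-to-IP comparison is for logging and tracing), as an added example that is not part of the original thread. The DNS table, function names and result fields are constructed for illustration; a real check would query DNS instead of `SAMPLE_DNS`.

```python
import ipaddress
import re

# Constructed DNS data (documentation address ranges), so the example runs offline.
SAMPLE_DNS = {
    "mail.example.org": ["192.0.2.25"],
    "relay.example.net": ["198.51.100.7"],
}
LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

def _ip(text):
    """Parse text as an IPv4/IPv6 address, or return None."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def check_ehlo(arg, client_ip, resolve=lambda n: SAMPLE_DNS.get(n.lower(), [])):
    """Classify an EHLO argument and compare it with the connecting address.

    'valid_name' reflects the RFC 5321 section 2.3.5 requirement;
    'matches_client' is the optional section 4.1.4 verification, which is
    recorded for logging and is not a basis for refusing the message.
    """
    client = ipaddress.ip_address(client_ip)
    bad = {"valid_name": False, "matches_client": False}
    if arg.startswith("["):                      # address literal, e.g. [192.0.2.25]
        body = arg[1:-1] if arg.endswith("]") else ""
        if body.lower().startswith("ipv6:"):     # [IPv6:2001:db8::1]
            body = body[5:]
        literal = _ip(body)
        if literal is None:
            return {"kind": "bad-literal", **bad}
        return {"kind": "address-literal", "valid_name": True,
                "matches_client": literal == client}
    if _ip(arg) is not None:                     # bare IP without brackets
        return {"kind": "bare-ip", **bad}
    name = arg.rstrip(".")
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels):
        return {"kind": "unqualified-or-invalid", **bad}
    addrs = [ipaddress.ip_address(a) for a in resolve(name)]
    return {"kind": "fqdn", "valid_name": bool(addrs),
            "matches_client": client in addrs}

if __name__ == "__main__":
    for arg in ("mail.example.org", "relay.example.net", "localhost", "[192.0.2.25]"):
        print(arg, check_ehlo(arg, "192.0.2.25"))
```
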


Re: SMTP-HELO clarification

Adam Roach-3
On 9/18/17 11:42 AM, Viktor Dukhovni wrote:
> [ No idea what forum this discussion belongs on, if any,
>    but probably [rfc-i] is not it.  If the discussion
>    continues, it should probably move to a more appropriate
>    list.  For the moment "Reply-To" is still [rfc-i], as I
>    don't have a better list at my fingertips. ]


Given that the DRUMS WG concluded in 2001, I suspect that your most
likely community of interest/expertise would be [hidden email].  I would
suggest that any further discussion on the topic move there.

/a
