You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by "David F. Skoll" <df...@roaringpenguin.com> on 2011/11/24 21:39:13 UTC

HELO checking (was Re: new paradigm)

On Thu, 24 Nov 2011 15:31:59 -0500
Michael Scheidell <mi...@secnap.com> wrote:

> I wonder what the rfc's say about helo line not matching dns:

> Received: from mail.apache.org (hermes.apache.org
> [140.211.11.3])

RFC 5321 strongly hints that that is no reason to reject mail.

   An SMTP server MAY verify that the domain name argument in the EHLO
   command actually corresponds to the IP address of the client.
   However, if the verification fails, the server MUST NOT refuse to
   accept a message on that basis.

This doesn't exactly cover your situation... in your situation, the
machine calls itself mail.apache.org but 140.211.11.3 reverse-resolves
to hermes.apache.org.  mail.apache.org, however, resolves to
140.211.11.3.  So I would say rejecting mail because of this type of
mismatch is against the spirit of the RFC.

Regards,

David.