[milters] Archive

Lists Index Date Thread Search

Article: 1837
From: Anthony Howe
Date: 2008-03-01 07:16:24 -0500
Subject: Re: rejecting mail on invalid HELO with milter-spiff

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Michael Grant uttered...:
> Using milter-spiff, is it common to reject mail when the SPF record
> fails for the HELO command?  For example:
> 
>     helo-policy=softfail-tag,fail-reject
> 
> I've been using this for a while and have not had many problem, the
> ones I have had were sites with badly configured spf records (who
> corrected them).  I'm just curious if a lot of other folks reject mail
> based on the HELO?

I don't as a rule, because the HELO argument has become notoriously 
misused over the years as more an more inexperienced people act as 
sys.admins. In particular, a host on a private LAN behind a NAT 
firewall, might

	HELO [192.168.0.1]
or	
	HELO mailhub.localdomain

or similar nonsense. Essentially the HELO argument might reflect 
internal names or IP address, which will fail to match the SPF record. 
With softfail-tag at least you allow the message through with a tagged 
subject line. However, softfail-reject would probably be a bad idea.

On the other hand, if a site setups an SPF record, they must have read 
something about it and have a small clue as to what they're doing. 
Therefore they should be prepared to make corrections to the SPF record 
and/or make sure that their mail hosts HELO with a publicly visible name 
in order to pass the test.

-- 
Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         ICQ: 7116561          BarricadeMX & Milters
http://www.snert.com/                 
     http://www.snertsoft.com/

Lists Index Date Thread Search