From: Anthony Howe
Date: 2008-03-01 07:16:24 -0500
Subject: Re: rejecting mail on invalid HELO with milter-spiff
More information..: http://www.milter.info/#Support
Michael Grant uttered...:
> Using milter-spiff, is it common to reject mail when the SPF record
> fails for the HELO command? For example:
> I've been using this for a while and have not had many problem, the
> ones I have had were sites with badly configured spf records (who
> corrected them). I'm just curious if a lot of other folks reject mail
> based on the HELO?
I don't as a rule, because the HELO argument has become notoriously
misused over the years as more an more inexperienced people act as
sys.admins. In particular, a host on a private LAN behind a NAT
or similar nonsense. Essentially the HELO argument might reflect
internal names or IP address, which will fail to match the SPF record.
With softfail-tag at least you allow the message through with a tagged
subject line. However, softfail-reject would probably be a bad idea.
On the other hand, if a site setups an SPF record, they must have read
something about it and have a small clue as to what they're doing.
Therefore they should be prepared to make corrections to the SPF record
and/or make sure that their mail hosts HELO with a publicly visible name
in order to pass the test.
Anthony C Howe Skype: SirWumpus SnertSoft
+33 6 11 89 73 78 ICQ: 7116561 BarricadeMX & Milters
Copyright 2009, 2012 by SnertSoft. All rights reserved.