[29943] in North American Network Operators' Group
Re: RBL-type BGP service for known rogue networks?
daemon@ATHENA.MIT.EDU (Shawn McMahon)
Mon Jul 10 11:40:29 2000
Date: Mon, 10 Jul 2000 11:38:23 -0400
From: Shawn McMahon <smcmahon@eiv.com>
To: nanog@merit.edu
Message-ID: <20000710113823.C23107@eiv.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="xesSdrSSBC0PokLI"
Content-Disposition: inline
In-Reply-To: <20000710151035.A41E6E0@proven.weird.com>; from woods@weird.com on Mon, Jul 10, 2000 at 11:10:35AM -0400
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, Jul 10, 2000 at 11:10:35AM -0400, Greg A. Woods wrote:
>
> However I should have listed the other requirement that I thought was
> self-obvious since we're talking about SMTP here. I.e. I don't ever
> accept e-mail from anything less than the most strictly conforming SMTP
> implementations. You're violating part one of RFC 1123 section #5.2.5.
> The name given by your SMTP server in the HELO "MUST" be a canonical
> hostname. It must not be a CNAME.
Oh, you wanna go there?
5.2.5 HELO Command: RFC-821 Section 3.5

The sender-SMTP MUST ensure that the <domain> parameter in a
HELO command is a valid principal host domain name for the
client host. As a result, the receiver-SMTP will not have to
perform MX resolution on this name in order to validate the
HELO parameter.

The HELO receiver MAY verify that the HELO parameter really
corresponds to the IP address of the sender. However, the
receiver MUST NOT refuse to accept a message, even if the
sender's HELO command fails verification.
Hmm. MUST NOT refuse. Who's violating the RFC here, again?
*ANYBODY* using sendmail from a dynamic IP is either going to do this, or
worse. RFC 1123 requires you to live with it.
If you choose not to, don't wave the damn RFC around like a magic shield.
CNAMEs are "valid principal host domain name[s]". Nothing in the RFC
says it can't be a CNAME, but something in the RFC says you have to accept
it even if it's flat-out wrong or a lie.
Your thin ice just cracked, Greg. Admit you're wrong and get on with your
life.
You're not running an RFC 1123-compliant mail setup at present.
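An added example, not part of the original message or of any mail server's code: a receiver-side HELO check that follows the RFC 1123 section 5.2.5 text quoted above, verifying the HELO parameter against the peer address but always answering 250 and recording the verdict instead of refusing. The zone data, host names, addresses and the `helo-check=` trace comment are constructed for illustration.

```python
import ipaddress

# Constructed DNS data (documentation names and addresses, not from the thread).
ZONE = {
    "mail.example.net": ("A", "192.0.2.10"),
    "smtp.example.net": ("CNAME", "mail.example.net"),
    "other.example.org": ("A", "198.51.100.7"),
}


def resolve(name, zone=ZONE, max_hops=8):
    """Follow CNAMEs to an address record; return a set of addresses."""
    name = name.rstrip(".").lower()
    for _ in range(max_hops):
        record = zone.get(name)
        if record is None:
            return set()
        rtype, value = record
        if rtype == "A":
            return {ipaddress.ip_address(value)}
        name = value.lower()  # CNAME: continue with the target name
    return set()  # CNAME loop or chain too long


def verify_helo(helo_name, peer_ip, zone=ZONE):
    """Return 'match', 'mismatch' or 'unresolvable' for the HELO parameter."""
    addrs = resolve(helo_name, zone)
    if not addrs:
        return "unresolvable"
    return "match" if ipaddress.ip_address(peer_ip) in addrs else "mismatch"


def handle_helo(helo_name, peer_ip, local_name="mx.example.com", zone=ZONE):
    """Verify (MAY) but never refuse (MUST NOT); keep the verdict for later."""
    verdict = verify_helo(helo_name, peer_ip, zone)
    reply = f"250 {local_name}"  # same reply whatever the verdict
    # Hypothetical trace annotation so later filtering or forensics can use it.
    trace = (f"Received: from {helo_name} ([{peer_ip}]) by {local_name} "
             f"(helo-check={verdict})")
    return reply, trace, verdict
```

The verdict can feed scoring or logging downstream; under the quoted text it cannot be the reason the message is refused.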