For those following Sender based authentication - a question
Dan Jenkins
dan at rastech.com
Mon Nov 22 00:27:01 EST 2004
Jeff Macdonald wrote:
> On Sun, 21 Nov 2004 23:18:20 -0500, Dan Jenkins wrote:
>
>>I was a bit too quick on the reply, the HELO in the mail header is from
>>the first mail server which accepts the message. Subsequent hops don't
>>change the initial HELO.
>
>
> I must re-read the RFCs. I was not under the impression this was so.
>
I was not clear, correct or coherent. (And it is late and I ought not to
be replying now, but getting some sleep. ;-) Having said that, I'll try
one more time. :-)
You are correct. A HELO is usually done at each mail server along the
way. It is not required in the protocol AFAIK (you can disable the
requirement for a HELO in some mail servers), but all the mail servers
I've dealt with require a HELO. So, even if not required by the RFC, it
is nowadays a de facto standard.
In any event, the mail servers record the HELO (if any) and the IP# of
each hop in the message headers. Some mail servers actually do include
the phrase "HELO" in the headers, not all do. (I think it is Sendmail
which does.)
Of course, the mail headers can be rewritten by any mail server along
the way. I've done so in special cases. The initial HELO to the mail
server is often incorrect. (I've stopped trying to use it for spam
reduction, because legitimate mail servers so frequently had bogus HELOs.)
Thanks for posting the link to the material:
http://www.csvmail.org/email-authentication-summit-comments-P044411.pdf
They are talking about amending the RFC to require authenticated HELO.
I'll have to think on this. (And not react so fast.)
It is interesting.
--
Dan Jenkins (dan at rastech.com)
Rastech Inc., Bedford, NH, USA --- 1-603-206-9951
*** Technical Support for over a Quarter Century
More information about the gnhlug-discuss
mailing list