Date:      Sun, 27 Aug 2000 00:21:06 -0700
From:      Peter Wemm <peter@netplex.com.au>
To:        Peter Pentchev <roam@orbitel.bg>
Cc:        Robert Watson <rwatson@FreeBSD.ORG>, Mike Smith <msmith@FreeBSD.ORG>, Brian Fundakowski Feldman <green@FreeBSD.ORG>, Darren Reed <darrenr@reed.wattle.id.au>, "Jordan K. Hubbard" <jkh@zippy.osd.bsdi.com>, root@ihack.net, freebsd-sparc@FreeBSD.ORG, freebsd-arch@FreeBSD.ORG
Subject:   Re: Competition 
Message-ID:  <200008270721.e7R7L6G27398@netplex.com.au>
In-Reply-To: <20000823180039.G63286@ringwraith.office1.bg> 

Peter Pentchev wrote:
> On Wed, Aug 23, 2000 at 10:51:03AM -0400, Robert Watson wrote:
> [snip Robert Watson quoting Mike Smith]
> > 
> > Actually, the check of the "helo" field is something I'd like removed: it
> > makes life very difficult for hosts behind NATs without proper SMTP
> > proxies (such as default installs of our natd, which does not include an
> > SMTP proxy :-).  It's not possible to send-pr from internal machines
> > behind my NAT without having world-visible DNS names for all my internal
> > machines.
> 
> So configure your MTA to send the NAT proxy address in the HELO; this might
> make other MTAs on your LAN unhappy, but the world outside sees a kosher
> HELO with the exact hostname of the host it's coming from.

For what it's worth, the HELO check is for a hostname that *resolves* to
something, not an exact hostname == connecting host match.

If you said 'HELO whitehouse.gov' it would be accepted.

Incidentally, I'm a firm believer that non-reachable hosts shouldn't be
involved in SMTP sending at all.  The simplest and most reliable way this
should be done is to transparently proxy any outbound SMTP attempts to a
local externally visible mail gateway. This is doubly important for
dialup ISPs who desperately need to transparently proxy *both* inbound
and outbound connections.  This 1) severely cramps the style of folks who
would use the dialups for SMTP relay searching and 3rd party relay abuse,
and 2) stops 3rd parties from abusing open SMTP servers on your dialups
and getting you in trouble with open-relay list folks.

As an example of what I mean by transparent relaying for SMTP, try:
telnet 216.226.198.10 smtp
telnet 216.226.198.11 smtp
telnet 216.226.198.12 smtp
etc.  

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5
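
[Added example, not part of the original e-mail or of any FreeBSD mail server code: a Python sketch contrasting the "HELO name must resolve" check described in the message with a stricter "HELO name must resolve to the connecting address" check. The DNS table, addresses and function names are constructed for illustration.]

```python
from typing import Callable, Dict, List

# Constructed stand-in for DNS (documentation address ranges), so this runs offline.
SAMPLE_DNS: Dict[str, List[str]] = {
    "whitehouse.gov": ["192.0.2.10"],     # constructed address, not the real one
    "gw.example.org": ["198.51.100.7"],   # externally visible NAT / mail gateway
    # "ws1.internal.example.org" is deliberately absent: no world-visible name
}

Resolver = Callable[[str], List[str]]


def table_resolver(name: str) -> List[str]:
    """Look a name up in SAMPLE_DNS; unknown names resolve to nothing."""
    return SAMPLE_DNS.get(name.rstrip(".").lower(), [])


def helo_resolves(helo: str, resolve: Resolver = table_resolver) -> bool:
    """The check as described in the message: the HELO name resolves to something."""
    return bool(resolve(helo))


def helo_matches_peer(helo: str, peer_ip: str,
                      resolve: Resolver = table_resolver) -> bool:
    """Stricter variant (hypothetical): the name must resolve to the peer address."""
    return peer_ip in resolve(helo)


def evaluate(helo: str, peer_ip: str) -> Dict[str, bool]:
    """Run both checks for one SMTP connection."""
    return {
        "resolves": helo_resolves(helo),
        "matches_peer": helo_matches_peer(helo, peer_ip),
    }


if __name__ == "__main__":
    nat_ip = "198.51.100.7"  # every connection below arrives from the NAT address
    for helo in ("ws1.internal.example.org", "gw.example.org", "whitehouse.gov"):
        print(f"HELO {helo:26} from {nat_ip}: {evaluate(helo, nat_ip)}")
```

The resolve-only check rejects the internal workstation name, accepts the gateway name, and also accepts an unrelated name that happens to exist in DNS, so it filters misconfigured senders but does not identify the sender.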


