From owner-freebsd-questions@freebsd.org Mon Mar 6 17:15:35 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C4EC3CFB80D for ; Mon, 6 Mar 2017 17:15:35 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [IPv6:2001:8b0:151:1:c4ea:bd49:619b:6cb3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 5555D1E80 for ; Mon, 6 Mar 2017 17:15:35 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from zero-gravitas.local (unknown [192.168.100.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id 74BBCEF38 for ; Mon, 6 Mar 2017 17:15:29 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none header.from=FreeBSD.org Authentication-Results: smtp.infracaninophile.co.uk/74BBCEF38; dkim=none; dkim-atps=neutral Subject: Re: Off topic: smtp HELO question To: freebsd-questions@freebsd.org References: <58BD94BD.9020405@sneakertech.com> From: Matthew Seaman Message-ID: <1350d47b-5723-5171-3cd9-27e9b02aeb8b@FreeBSD.org> Date: Mon, 6 Mar 2017 17:15:22 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.7.1 MIME-Version: 1.0 In-Reply-To: <58BD94BD.9020405@sneakertech.com> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="NPCiBVPdQnD7AsinKwjVcr9WAqX8r3sBl" X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on smtp.infracaninophile.co.uk X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Mar 2017 17:15:35 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --NPCiBVPdQnD7AsinKwjVcr9WAqX8r3sBl Content-Type: multipart/mixed; boundary="pUfq80rc9GhU4svVxRvQIm4WBtmtRRAse"; protected-headers="v1" From: Matthew Seaman To: freebsd-questions@freebsd.org Message-ID: <1350d47b-5723-5171-3cd9-27e9b02aeb8b@FreeBSD.org> Subject: Re: Off topic: smtp HELO question References: <58BD94BD.9020405@sneakertech.com> In-Reply-To: <58BD94BD.9020405@sneakertech.com> --pUfq80rc9GhU4svVxRvQIm4WBtmtRRAse Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 2017/03/06 16:56, Quartz wrote: > By default, if you're behind a NAT, Thunderbird sends your local IP > address as part of the 'hello' when connecting to a mail server, which > then gets stamped into the header info for all to see as the email is > sent down the chain. >=20 > I'm trying to debug some email issues, and I suspect that this initial > header might be part of my problems. I can configure Thunderbird to sen= d > an arbitrary string instead of a NAT IP via the > mail.smtpserver.smtp*.hello_argument variable, but I'm not 100% sure > what I can legitimately put here without getting my emails marked as > spam. Does this field have to match the reverse-lookup up of the > world-routable external IP that you send the email through, or can it b= e > any arbitrary string that matches a domain name pattern? Can anyone > point me to a resource that explains this in depth? The HELO or EHLO name supplied by the sending side should match what is returned by a reverse lookup on the IP the receiving side sees the traffic coming from. So if your NAT transforms internal addresses to W.X.Y.Z and a reverse lookup 'host W.X.Y.Z' returns 'foo.example.com' then you should configure your mail client to EHLO as 'foo.example.com' Note however that this is not an absolute requirement -- whether a receiving MTA checks this sort of thing is down to the individual administrator. Most do, as it is a very cheap way to dump various types of spam. In particular, for the specific case of a client program like Thunderbird talking SMTP to a server via the Submission port (587) it is rare to find this sort of check. For mail submission you generally identify yourself by logging into the server after switching your connection to TLS, which provides better proof of identity than forward and reverse DNS checks. The HELO/EHLO name thing is much more important for MTA to MTA transmission via port 25. Cheers, Matthew --pUfq80rc9GhU4svVxRvQIm4WBtmtRRAse-- --NPCiBVPdQnD7AsinKwjVcr9WAqX8r3sBl Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQJ8BAEBCgBmBQJYvZkxXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTnXmcP/jvWmNFfTnOrCa2YZLNkLTHh AP3IKKDprxXjrduz6Qt58BuiUiiZJztgtkVt5Zh41pA1ZgvkwQZEzLhOnJzpCUg5 t4h0o9/ejAdvBqCvDSK7LijMfS1wM3irhCT4dieEmFqecQgXSlvgjvUHsTX6P9nE HLLJSRupM1bVZsRk33QuSL+3FjoyuiDbQHeJ5D5wEf1MCxdshfJEkHEgyir3sdlE a7quYPzzYM7dmLlQ90EVcmgPIISUIRGL8ooFPFRI3hz49S4ScxW/2KZ7ImPB4+II oIFKGjKrimBFGtxE4KYQ2YrjaOtr40pbo2Ru16rrEdBmvlVAOfFkCdtPDW9zZOOM dEmWuatUD622FFtjhmFPt8srNA6qLIw1ZHrSi7RfWsLb3LH0uJpxZ8FsN/btOnL1 QC7aJdouAZDLo0CvkxguLRZ3v/IqJilrV7ptrUxK9NFKm4ev2c6oCTbEsPVnpNJx lRQn9WYvki4MzDOgIt1GPBWwaqrFGjMDyC5Z80FvdimuflbPvbAsVvIqMUdn1sMh MomRFOKwQTUpd8xao+7aTQN0HUS0qF4RTfDINUtKn0Dh/HXtMXXAP2bOL/P0WyA8 VN8iJNknECr6V4uHXQThNE2xf/wwDG0M2J3e7GjwRmLQi9NWAiHEGVWqiiFlneaG 9hxISBNM8qwqdoHxZ5Ru =Acjx -----END PGP SIGNATURE----- --NPCiBVPdQnD7AsinKwjVcr9WAqX8r3sBl--