Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 6 Mar 2017 18:12:10 +0000
From:      RW <rwmaillists@googlemail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Off topic: smtp HELO question
Message-ID:  <20170306181210.3bade5d9@gumby.homeunix.com>
In-Reply-To: <1350d47b-5723-5171-3cd9-27e9b02aeb8b@FreeBSD.org>
References:  <58BD94BD.9020405@sneakertech.com> <1350d47b-5723-5171-3cd9-27e9b02aeb8b@FreeBSD.org>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Mon, 6 Mar 2017 17:15:22 +0000
Matthew Seaman wrote:

> On 2017/03/06 16:56, Quartz wrote:
> > By default, if you're behind a NAT, Thunderbird sends your local IP
> > address as part of the 'hello' when connecting to a mail server,
> > which then gets stamped into the header info for all to see as the
> > email is sent down the chain.

This doesn't matter.

> > I'm trying to debug some email issues, and I suspect that this
> > initial header might be part of my problems. I can configure
> > Thunderbird to send an arbitrary string instead of a NAT IP via the
> > mail.smtpserver.smtp*.hello_argument variable, but I'm not 100% sure
> > what I can legitimately put here without getting my emails marked as
> > spam. Does this field have to match the reverse-lookup up of the
> > world-routable external IP that you send the email through, or can
> > it be any arbitrary string that matches a domain name pattern? Can
> > anyone point me to a resource that explains this in depth?  

> In particular, for the specific case of a client program like
> Thunderbird talking SMTP to a server via the Submission port (587) it
> is rare to find this sort of check.  For mail submission you generally
> identify yourself by logging into the server after switching your
> connection to TLS, which provides better proof of identity than
> forward and reverse DNS checks.  The HELO/EHLO name thing is much
> more important for MTA to MTA transmission via port 25.

There is an exception to that.

The RFC allows a fully qualified domain name or an IP address in square
brackets. A "bare" IP address, without the backets, would be an RFC
violation. SpamAssassin has rules that will punish this heavily, even on
a deep received header.

I don't know if its even possible, but it wouldn't be a good idea to
make Thunderbird use an alternate IP address as a helo if it doesn't
end-up inside brackets.



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20170306181210.3bade5d9>