From owner-freebsd-questions@freebsd.org Mon Mar 6 18:12:17 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 33BB1CFB97F for ; Mon, 6 Mar 2017 18:12:17 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-wm0-x242.google.com (mail-wm0-x242.google.com [IPv6:2a00:1450:400c:c09::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B95811E57 for ; Mon, 6 Mar 2017 18:12:16 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: by mail-wm0-x242.google.com with SMTP id n11so15093513wma.0 for ; Mon, 06 Mar 2017 10:12:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20161025; h=date:from:to:subject:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=k5qEIz29g7h88uiW9v4F8Jd2D56ZM/cgBXevpHobiZA=; b=s0eb1UwuIn3lw0DVppJsFyf8uIdxstazi267IxxiIEOoqq+h8ti40GPYmX9otQ9KeV 5D0yTXdTDAifmNTw17B95dDYZbsvI9aBiO1I4g7GaDWDL7gcNWj90L1ded/PeFDEnCg6 CtnzOq/z2rw5n0UHa8WbUmoKi7T7bAXKuvXE+jrr6ThLJtcMLwqu4wn0aTXFcz7yjwow reFa8jveRiLxcl/MidWdA94gr34RZLhxFvgP07C/hznalJgW8U3ZWlrf4xet8ZEBIEYD jK/wFbPCvFrWhhoxx/L+Z01bFt9YFbVCl/j9NaopbHgKltWNw3nn8KDJrvHR/cAZCSQz Du2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:subject:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=k5qEIz29g7h88uiW9v4F8Jd2D56ZM/cgBXevpHobiZA=; b=WA27kH0H9nQXC9fxTC6KVNV+kKQ8rnkdN7ck54zyyUzmw73DpLi2UscrKIuf8VpUtc 4bzHO1g/HKzWpu/veOerbgJEo0804qPJP4Buu8rUPA17Ly76mDHKpYcph7tQ05OdqCYV ktYiFvtUXo/8b8EaDgRBqLz4M8aEiCxwE8c5aRA/LfUINyND2SAU6g5MjEJGBBP6Evdr u08YvT202hFiyAwI8ioU1+vSItKNso6EH7vTcUZ0aOYFmQGeCnKzURyH3nrDHgMl5Ybo FW8haJ7/vE/jyh6amYLFVLbwPXPE/zE6imP7oX9PNvPIRXO6yCL/kU07F1IzPbF09OPP LNfg== X-Gm-Message-State: AMke39mxeCxUq5y+GgpAFS7lw7Fk8Uw6OoTzlQIWmMojRCjWm/Sc+QVjJt3H9ATQl9+WSQ== X-Received: by 10.28.149.208 with SMTP id x199mr14442521wmd.91.1488823934611; Mon, 06 Mar 2017 10:12:14 -0800 (PST) Received: from gumby.homeunix.com ([81.17.24.158]) by smtp.gmail.com with ESMTPSA id m186sm9417939wmd.21.2017.03.06.10.12.12 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 06 Mar 2017 10:12:14 -0800 (PST) Date: Mon, 6 Mar 2017 18:12:10 +0000 From: RW To: freebsd-questions@freebsd.org Subject: Re: Off topic: smtp HELO question Message-ID: <20170306181210.3bade5d9@gumby.homeunix.com> In-Reply-To: <1350d47b-5723-5171-3cd9-27e9b02aeb8b@FreeBSD.org> References: <58BD94BD.9020405@sneakertech.com> <1350d47b-5723-5171-3cd9-27e9b02aeb8b@FreeBSD.org> X-Mailer: Claws Mail 3.14.1 (GTK+ 2.24.29; amd64-portbld-freebsd10.3) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Mar 2017 18:12:17 -0000 On Mon, 6 Mar 2017 17:15:22 +0000 Matthew Seaman wrote: > On 2017/03/06 16:56, Quartz wrote: > > By default, if you're behind a NAT, Thunderbird sends your local IP > > address as part of the 'hello' when connecting to a mail server, > > which then gets stamped into the header info for all to see as the > > email is sent down the chain. This doesn't matter. > > I'm trying to debug some email issues, and I suspect that this > > initial header might be part of my problems. I can configure > > Thunderbird to send an arbitrary string instead of a NAT IP via the > > mail.smtpserver.smtp*.hello_argument variable, but I'm not 100% sure > > what I can legitimately put here without getting my emails marked as > > spam. Does this field have to match the reverse-lookup up of the > > world-routable external IP that you send the email through, or can > > it be any arbitrary string that matches a domain name pattern? Can > > anyone point me to a resource that explains this in depth? > In particular, for the specific case of a client program like > Thunderbird talking SMTP to a server via the Submission port (587) it > is rare to find this sort of check. For mail submission you generally > identify yourself by logging into the server after switching your > connection to TLS, which provides better proof of identity than > forward and reverse DNS checks. The HELO/EHLO name thing is much > more important for MTA to MTA transmission via port 25. There is an exception to that. The RFC allows a fully qualified domain name or an IP address in square brackets. A "bare" IP address, without the backets, would be an RFC violation. SpamAssassin has rules that will punish this heavily, even on a deep received header. I don't know if its even possible, but it wouldn't be a good idea to make Thunderbird use an alternate IP address as a helo if it doesn't end-up inside brackets.