RE: educating rDNS violators]

[LordInfidel () directionweb com]

point of clarification......

when you or a server connects to a smtp server, regardless of the intent,
the HELO (or EHLO for extended HELO) must be issued.  It is the same as a
SYN packet.

So when the RFC talks rejecting connections it is assuming that the HELO
command has been issued.  The HELO(EHLO) command is  the first step of
communication between mail servers and is how each server initially
identifies themselves.  This is where the smtp server get's the IP address
and or FQDN of the client.  (I use the term client because it is a
client/server connection, the sending smtp server is the client in this
scenario)

So the RFC does apply when talking about rejecting connections since all
smtp transmissions occur via HELO(EHLO).

-----Original Message-----
From: Pat Moffitt [mailto:pmoffitt () wrv com]
Sent: Thursday, September 23, 2004 5:19 PM
To: security-basics () securityfocus com
Subject: [RE: educating rDNS violators]



I am not attempting to verify the HELO Command.  I am attempting to verify
the 
IP Address of the system that is trying to make the SMTP connection.  As
such, 
this section of the RFC does not apply.  I see nothing in this RFC that
applies 
to using RDNS to reject mail connections, only on using RDNS to verify HELO 
commands.

Pat Moffitt
MIS Administrator
Western Recreational Vehicles, Inc.


-------- Original Message --------
Subject: RE: educating rDNS violators
Date: Tue, 31 Aug 2004 13:35:34 -0400
From: LordInfidel () directionweb com
To: 'Derek Schaible' <dschaible () cssiinc com>,        Niek <niek () packetstorm nu>
CC: security-basics () securityfocus com

[snip - to supply the relevent part of the message]

6. Section 5.2.5 of rfc1123 covers this quite explicitly.  Rejecting mail
based on RDNS ~~~***VIOLATES***~~~ the RFC:
http://www.faqs.org/rfcs/rfc1123.html

5.2.5  HELO Command: RFC-821 Section 3.5

[snip]