Discussion:
'reject_unknown_helo_hostname' shouldn't exist
Nikolas Kallis
2013-05-13 08:01:55 UTC
Permalink
Hello,



Postfix's documentation quotes for 'reject_unknown_helo_hostname':
"Reject the request when the HELO or EHLO hostname has no DNS A or MX
record."


Under '3.6 Domains' of RFC 2821 it says:

"Only resolvable, fully-qualified, domain names (FQDNs) are permitted
when domain names are used in SMTP. In other words, names that can
be resolved to MX RRs or A RRs (as discussed in section 5) are
permitted, as are CNAME RRs whose targets can be resolved, in turn,
to MX or A RRs."


I have seen in Postfix's documentation that it caters for 'home-grown'
software for some attributes. Catering for POS software isn't being
standard compliant.

As it is a requirnment for a RFC 2821 compliant SMTP server to have a
resolvable A and MX record, then 'reject_unknown_helo_hostname'
shouldn't even exist, instead Postfix should be rejecting the connection
all together.
Assuming this is why 'reject_unknown_helo_hostname' exists; the
home-brewer should get his software right, instead of expecting others
to make exceptions for his lack of skill.

If Postfix was compliant with RFC 2821 in this respect, I wouldn't have
had to of wasted half my day. This is the whole point of standards.



Regards,

Nikolas Kallis
hydra
2013-05-13 13:12:01 UTC
Permalink
Hello Nikolas,
not everybody respects the RFCs. A time ago, I enabled this setting on a
production machine, however lots of legit mail was blocked due to this. So
I mailed the postmasters of such domains to be RFC compiliant but many of
them not even responded and some were really angry. So the question is - do
you want your users to be able to communicate or you want to fight with
administrators that have never read the RFCs...
Post by Nikolas Kallis
Hello,
"Reject the request when the HELO or EHLO hostname has no DNS A or MX
record."
"Only resolvable, fully-qualified, domain names (FQDNs) are permitted
when domain names are used in SMTP. In other words, names that can
be resolved to MX RRs or A RRs (as discussed in section 5) are
permitted, as are CNAME RRs whose targets can be resolved, in turn,
to MX or A RRs."
I have seen in Postfix's documentation that it caters for 'home-grown'
software for some attributes. Catering for POS software isn't being
standard compliant.
As it is a requirnment for a RFC 2821 compliant SMTP server to have a
resolvable A and MX record, then 'reject_unknown_helo_hostname' shouldn't
even exist, instead Postfix should be rejecting the connection all together.
Assuming this is why 'reject_unknown_helo_hostname' exists; the
home-brewer should get his software right, instead of expecting others to
make exceptions for his lack of skill.
If Postfix was compliant with RFC 2821 in this respect, I wouldn't have
had to of wasted half my day. This is the whole point of standards.
Regards,
Nikolas Kallis
Martin Barry
2013-05-13 13:20:25 UTC
Permalink
http://en.wikipedia.org/wiki/Jon_Postel#Postel.27s_Law

"Be liberal in what you accept, and conservative in what you send"

Software, and the way people configure it, should be RFC compliant but
reality often falls short of this ideal.
Post by Nikolas Kallis
Hello,
"Reject the request when the HELO or EHLO hostname has no DNS A or MX
record."
"Only resolvable, fully-qualified, domain names (FQDNs) are permitted
when domain names are used in SMTP. In other words, names that can
be resolved to MX RRs or A RRs (as discussed in section 5) are
permitted, as are CNAME RRs whose targets can be resolved, in turn,
to MX or A RRs."
I have seen in Postfix's documentation that it caters for 'home-grown'
software for some attributes. Catering for POS software isn't being
standard compliant.
As it is a requirnment for a RFC 2821 compliant SMTP server to have a
resolvable A and MX record, then 'reject_unknown_helo_hostname' shouldn't
even exist, instead Postfix should be rejecting the connection all together.
Assuming this is why 'reject_unknown_helo_hostname' exists; the
home-brewer should get his software right, instead of expecting others to
make exceptions for his lack of skill.
If Postfix was compliant with RFC 2821 in this respect, I wouldn't have
had to of wasted half my day. This is the whole point of standards.
Regards,
Nikolas Kallis
Manuel Bieling
2013-05-13 14:01:20 UTC
Permalink
Lets quote RFC2821, Section 4.1.1.1 "The argument field contains the fully-qualified domain name of the SMTP client if one is available"

Section 3.6 specifies what is a domain. I guess everything is right with postfix.

This page(1) includes an example for the usage of reject_unknown_helo_hostname:

(1): http://www.postfix.org/SMTPD_ACCESS_README.html

Regards,

Manuel
Post by Nikolas Kallis
Hello,
"Reject the request when the HELO or EHLO hostname has no DNS A or MX
record."
"Only resolvable, fully-qualified, domain names (FQDNs) are permitted
when domain names are used in SMTP.  In other words, names that can
be resolved to MX RRs or A RRs (as discussed in section 5) are
permitted, as are CNAME RRs whose targets can be resolved, in turn,
to MX or A RRs."
I have seen in Postfix's documentation that it caters for 'home-grown'
software for some attributes. Catering for POS software isn't being
standard compliant.
As it is a requirnment for a RFC 2821 compliant SMTP server to have a
resolvable A and MX record, then 'reject_unknown_helo_hostname'
shouldn't even exist, instead Postfix should be rejecting the connection
all together.
Assuming this is why 'reject_unknown_helo_hostname' exists; the
home-brewer should get his software right, instead of expecting others
to make exceptions for his lack of skill.
If Postfix was compliant with RFC 2821 in this respect, I wouldn't have
had to of wasted half my day. This is the whole point of standards.
Regards,
Nikolas Kallis
Loading...