Date: Sun, 27 Aug 2000 00:21:06 -0700
From: Peter Wemm <peter@netplex.com.au>
To: Peter Pentchev <roam@orbitel.bg>
Cc: Robert Watson <rwatson@FreeBSD.ORG>, Mike Smith <msmith@FreeBSD.ORG>, Brian Fundakowski Feldman <green@FreeBSD.ORG>, Darren Reed <darrenr@reed.wattle.id.au>, "Jordan K. Hubbard" <jkh@zippy.osd.bsdi.com>, root@ihack.net, freebsd-sparc@FreeBSD.ORG, freebsd-arch@FreeBSD.ORG
Subject: Re: Competition
Message-ID: <200008270721.e7R7L6G27398@netplex.com.au>
In-Reply-To: <20000823180039.G63286@ringwraith.office1.bg>

Peter Pentchev wrote:
> On Wed, Aug 23, 2000 at 10:51:03AM -0400, Robert Watson wrote:
> [snip Robert Watson quoting Mike Smith]
> >
> > Actually, the check of the "helo" field is something I'd like removed: it
> > makes life very difficult for hosts behind NATs without proper SMTP
> > proxies (such as default installs of our natd, which does not include an
> > SMTP proxy :-). It's not possible to send-pr from internal machines
> > behind my NAT without having world-visible DNS names for all my internal
> > machines.
>
> So configure your MTA to send the NAT proxy address in the HELO; this might
> make other MTA's on your LAN unhappy, but the world outside sees a kosher
> HELO with the exact hostname of the host it's coming from.

For what it's worth, the HELO check is for a hostname that *resolves* to
something, not an exact hostname == connecting host match. If you said
'HELO whitehouse.gov' it would be accepted.

Incidentally, I'm a firm believer that non-reachable hosts shouldn't be
involved in SMTP sending at all. The simplest and most reliable way this
should be done is to transparently proxy any outbound SMTP attempts to a
local externally visible mail gateway.

This is doubly important for dialup ISP's who desperately need to
transparently proxy *both* inbound and outbound connections. This
1) severely cramps the style of folks who would use the dialups for SMTP
relay searching and 3rd party relay abuse, and 2) stops 3rd parties from
abusing open SMTP servers on your dialups and getting you in trouble with
open-relay list folks.

As an example of what I mean by transparent relaying for SMTP, try:

  telnet 216.226.198.10 smtp
  telnet 216.226.198.11 smtp
  telnet 216.226.198.12 smtp
  etc.

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5
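
The difference between the two HELO checks discussed in this message, as an added example that is not part of the original e-mail and not the FreeBSD mail servers' own code. The function names, the injectable resolver and the DNS table are assumptions; every address is a constructed value from the documentation ranges.

```python
import socket


def system_resolver(name):
    """Return the set of addresses a name resolves to (empty set if none)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except (socket.gaierror, UnicodeError):
        return set()
    return {info[4][0] for info in infos}


def _normalise(helo_name):
    """Lower-case the HELO argument and drop whitespace and a trailing dot."""
    return helo_name.strip().rstrip(".").lower()


def helo_resolves(helo_name, resolver=system_resolver):
    """Lenient check described in the message: the name only has to resolve."""
    name = _normalise(helo_name)
    if not name or name.startswith("["):  # empty or address literal: nothing to look up
        return False
    return bool(resolver(name))


def helo_matches_peer(helo_name, peer_ip, resolver=system_resolver):
    """Stricter variant the message says is NOT applied: the name must
    resolve to the address the connection actually comes from."""
    name = _normalise(helo_name)
    if not name or name.startswith("["):
        return False
    return peer_ip in resolver(name)


# Constructed DNS data for an offline run; these are not real records.
SAMPLE_DNS = {
    "whitehouse.gov": {"198.51.100.7"},
    "gw.example.org": {"203.0.113.25"},  # externally visible NAT gateway
}


def sample_resolver(name):
    return SAMPLE_DNS.get(name, set())


def classify(helo_name, peer_ip, resolver=sample_resolver):
    """Return (passes_lenient_check, passes_strict_check) for one connection."""
    return (helo_resolves(helo_name, resolver),
            helo_matches_peer(helo_name, peer_ip, resolver))
```

With the sample data, a host behind the gateway at 203.0.113.25 fails both checks when it announces an unresolvable internal name, passes both when it announces the gateway's name, and passes only the lenient check when it announces an unrelated name that happens to resolve.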