Message-Id: <200008270721.e7R7L6G27398@netplex.com.au>
To: Peter Pentchev
Cc: Robert Watson, Mike Smith, Brian Fundakowski Feldman, Darren Reed,
    "Jordan K. Hubbard", root@ihack.net, freebsd-sparc@FreeBSD.ORG,
    freebsd-arch@FreeBSD.ORG
Subject: Re: Competition
In-Reply-To: <20000823180039.G63286@ringwraith.office1.bg>
Date: Sun, 27 Aug 2000 00:21:06 -0700
From: Peter Wemm

Peter Pentchev wrote:
> On Wed, Aug 23, 2000 at 10:51:03AM -0400, Robert Watson wrote:
> [snip Robert Watson quoting Mike Smith]
> >
> > Actually, the check of the "helo" field is something I'd like removed: it
> > makes life very difficult for hosts behind NATs without proper SMTP
> > proxies (such as default installs of our natd, which does not include an
> > SMTP proxy :-). It's not possible to send-pr from internal machines
> > behind my NAT without having world-visible DNS names for all my internal
> > machines.
>
> So configure your MTA to send the NAT proxy address in the HELO; this might
> make other MTA's on your LAN unhappy, but the world outside sees a kosher
> HELO with the exact hostname of the host it's coming from.

For what it's worth, the HELO check is for a hostname that *resolves* to
something, not an exact hostname == connecting host match. If you said
'HELO whitehouse.gov' it would be accepted.

Incidentally, I'm a firm believer that non-reachable hosts shouldn't be
involved in SMTP sending at all.
The simplest and most reliable way this should be done is to
transparently proxy any outbound SMTP attempts to a local externally
visible mail gateway.

This is doubly important for dialup ISP's who desperately need to
transparently proxy *both* inbound and outbound connections. This
1) severely cramps the style of folks who would use the dialups for SMTP
relay searching and 3rd party relay abuse, and 2) stops 3rd parties from
abusing open SMTP servers on your dialups and getting you in trouble with
open-relay list folks.

As an example of what I mean by transparent relaying for SMTP, try:

    telnet 216.226.198.10 smtp
    telnet 216.226.198.11 smtp
    telnet 216.226.198.12 smtp
    etc.

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5
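
The distinction drawn in the message above, between a HELO name that merely resolves and one that matches the connecting host, shown as an added example that is not part of the original message or of any FreeBSD mail configuration. The DNS table, host names and addresses are constructed, and the function names are hypothetical.

```python
"""Added illustration: two HELO acceptance policies for an SMTP listener."""
import ipaddress
import re

# Constructed DNS view (documentation address ranges); it stands in for a
# real resolver so the example runs offline.
SAMPLE_DNS = {
    "whitehouse.gov": ["192.0.2.80"],
    "gw.example.org": ["203.0.113.7"],  # NAT gateway with a world-visible name
}

_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def valid_hostname(name):
    """Syntactic check only: dot-separated LDH labels, 253 chars at most."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def resolve(name, dns=SAMPLE_DNS):
    return dns.get(name.rstrip(".").lower(), [])


def helo_resolves(helo, peer_ip, dns=SAMPLE_DNS):
    """Policy described in the message: accept any name that resolves.
    peer_ip is deliberately ignored; it is kept for a uniform signature."""
    return valid_hostname(helo) and bool(resolve(helo, dns))


def helo_matches_peer(helo, peer_ip, dns=SAMPLE_DNS):
    """Stricter policy, for contrast: the name must resolve to the peer."""
    if not valid_hostname(helo):
        return False
    peer = ipaddress.ip_address(peer_ip)
    return any(ipaddress.ip_address(a) == peer for a in resolve(helo, dns))


# Constructed sessions: (HELO argument, source address seen after NAT).
SESSIONS = [
    ("ws12.internal.lan", "203.0.113.7"),  # internal name, no public DNS
    ("gw.example.org", "203.0.113.7"),     # MTA sends the gateway's name
    ("whitehouse.gov", "203.0.113.7"),     # unrelated but resolvable name
]


def evaluate(sessions=SESSIONS):
    return [(h, helo_resolves(h, ip), helo_matches_peer(h, ip))
            for h, ip in sessions]
```

Calling `evaluate()` shows that the resolves-only check rejects the NATed host's internal name but accepts both the gateway name and the unrelated name, so it filters unresolvable HELO arguments without authenticating the sender.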