To combat spam I have enabled reverse-DNS lookups of incoming SMTP connections. If the FQDN does not match the HELO-Identity, I reject the connection with a 550 Error.
Bad idea, as you witnessed on your own skin. Checking the HELO argument sounds tempting in theory, but gets you in trouble sooner or later if you implement it in practice.
The relevant RFCs use words domain and hostname in different places when talking about argument to HELO command. They also say you *may* check the argument, but you *should not* reject solely based on that check. It was simply never ment to be used for strict checking. Don't use things for what they were not intended to be used, or you'll be burned.
-- Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
