On Sun, 2005-11-13 at 12:39, Alexander Dalloz wrote:
> > > Perhaps in this case a better solution is that his MTA should be
> > > configured to reject any mail coming in with a HELO name that is not
> > > true (ie, your mailserver external hostname or IP).
>
> Fully agreed. Better rejecting the forgery at SMTP time than to first
> accept it and then classify it as spam.
Note that there is an RFC that says you MUST NOT reject on a mismatch
between the HELO name and the connecting IP address. Multi-homed
servers are not expected to adjust their name to match the interface
that happens to be used for each connection and it is common for
servers to live behind a NAT gateway and not even know the public
IP address in use.
Of course on your own machine you can discard as much mail as you want.
--
Les Mikesell
lesmikesell@xxxxxxxxx
