[GTER] sobre spam: bloquear reverso inconsistente funciona mesmo?

Henrique de Moraes Holschuh henrique.holschuh at ima.sp.gov.br
Wed Aug 22 15:47:40 -03 2012


On 22-08-2012 14:07, Raphael Bittencourt S. Costa wrote:
> 5.2.5 HELO Command: RFC-821 Section 3.5

Olhe no RFC 5321 (que atualiza o 1123, e obsoletou o 2821 e 821):

2.3.5 Domain Names
...
    o  The domain name given in the EHLO command MUST be either a primary
       host name (a domain name that resolves to an address RR) or, if
       the host has no name, an address literal, as described in
       Section 4.1.3 and discussed further in the EHLO discussion of
       Section 4.1.4.

4.1.1.1.  Extended HELLO (EHLO) or HELLO (HELO)

    These commands are used to identify the SMTP client to the SMTP
    server.  The argument clause contains the fully-qualified domain name
    of the SMTP client, if one is available.  In situations in which the
    SMTP client system does not have a meaningful domain name (e.g., when
    its address is dynamically allocated and no reverse mapping record is
    available), the client SHOULD send an address literal (see
    Section 4.1.3).

    RFC 2821, and some earlier informal practices, encouraged following
    the literal by information that would help to identify the client
    system.  That convention was not widely supported, and many SMTP
    servers considered it an error.  In the interest of interoperability,
    it is probably wise for servers to be prepared for this string to
    occur, but SMTP clients SHOULD NOT send it.

4.1.4.
...
    The SMTP client MUST, if possible, ensure that the domain parameter
    to the EHLO command is a primary host name as specified for this
    command in Section 2.3.5.  If this is not possible (e.g., when the
    client's address is dynamically assigned and the client does not have
    an obvious name), an address literal SHOULD be substituted for the
    domain name.

    An SMTP server MAY verify that the domain name argument in the EHLO
    command actually corresponds to the IP address of the client.
    However, if the verification fails, the server MUST NOT refuse to
    accept a message on that basis.  Information captured in the
    verification attempt is for logging and tracing purposes.  Note that
    this prohibition applies to the matching of the parameter to its IP
    address only; see Section 7.9 for a more extensive discussion of
    rejecting incoming connections or mail messages.


A verificação do EHLO é MAY, o bloqueio se a resolução do EHLO não bater
com o IP do cliente é MUST NOT, e o reverso explicitamente pode não existir.

Na prática, pegar pesado com o EHLO dá problema e você vai rejeitar
MUITA email válida.  Falo por experiência própria (se bem que não
chegamos a rejeitar, o postfix tem uma diretiva "warn_if_reject" que é
excelente).

-- 
Henrique de Moraes Holschuh <hmh at ima.sp.gov.br>
IM@ - Informática de Municípios Associados
Engenharia de Telecomunicações
TEL +55-19-3755-6555/CEL +55-19-9293-9464

Antes de imprimir, lembre-se de seu compromisso com o Meio Ambiente
e do custo que você pode evitar.



More information about the gter mailing list