[pmmail-list] HELO - Not...Re: Another new beta 2627 posted

Tim Roberts pmmail-list@blueprintsoftwareworks.com
Wed, 04 Sep 2002 13:39:57 -0700


On Wed, 04 Sep 2002 15:25:08 -0400, Rich wrote:
>
>32. SERVER: PMMail 2000 is now RFC-821 compliant when sending the HELO
>command during a message send.
>
>It used to send my PC's name, then the PC name along with my personal
>network name. Great for security! Now it's back to just sending the PC 
>name, on my XP test machine anyway.
>
>This is not only wrong, but to my reading and interpretation, _not_ RFC-821
>compliant.  As stated:
>
>      The following two commands are used in transmission channel
>      opening and closing:
>
>         HELO <SP> <domain> <CRLF>
>         QUIT <CRLF>
>
>      In the HELO command the host sending the command identifies
>      itself; the command may be interpreted as saying "Hello, I am
>      <domain>".
>
>Key word being "<domain>"! My personal computer name has nothing to do 
>with my domain.

"Domain" in this case is a key into the syntax BNF.  If you look at the 
explanatory text, the HELO command argument is supposed to be the hostname of 
the computer doing the sending, not the e-mail account of the sender.  
bearlycomputing.com does not map to the IP address listed in the e-mail 
header.  That IP, 209.130.218.183, belongs to frontiernet.net and does not 
have a reverse lookup.

However, it doesn't really matter.  The RFC does not require the address in 
the HELO to be valid, nor does it specify to what use it might be put.  
Because the HELO is trivially spoofable, most MTAs discard whatever you 
specify in HELO and just do a reverse lookup of your IP address.  Thus, even 
though I am on a machine called timr.in.probo.com, and our server is 
probo.com, most MTAs know me by my ISP's name for our DSL line:

220-mail.earthlink.net ESMTP Exim 3.33 #1 Wed, 04 Sep 2002 13:15:34 -0700
HELO timr.in.probo.com
250 mail.earthlink.net Hello sub24-220.member.dsl-only.net [63.105.24.220]
QUIT

>I am concerned about this not only for security reasons, but because I have
>more than one domain and do not want them obviously linked together by 
>my mailer!

I'm not sure I see the point.  If both e-mails are sent from the same 
machine, the HELO strings should be the same.  Further, I'm not sure what 
damage is done by revealing your machine's name in the Received line of an 
e-mail.  It isn't of any use unless someone gets behind your firewall, and in 
that case there are better ways to find live machines.

>It simply gets the domain name from my e-mail address, and this is proper.

Well, it is another approach, and even a sensible one, but I'm not sure it 
can be called "proper".  Your e-mail address does not identify your machine.

>Not many ISPs seem to send the helo results with their e-mails, but mine
>does and I'd still like to see this fixed...

Your request is a reasonable one, but it can't really be called a "fix", 
because it isn't actually "broken".


--
- Tim Roberts, timr@probo.com
  Providenza & Boekelheide, Inc.
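
Added example, not part of the original message and not PMMail code: a small Python parser that separates the HELO string a client claimed from the reverse-lookup name and IP address the receiving MTA recorded in a Received: header, and reports whether the two agree. The three header layouts (Postfix/Sendmail-like and Exim-like) and the names parse_received, classify and SAMPLES are assumptions made for this illustration.

```python
import re

IP = r"\[(?P<ip>[0-9A-Fa-f.:]+)\]"
# Assumed "from" clause layouts that receiving MTAs write into Received:.
PATTERNS = [
    # Postfix/Sendmail-like: from <helo> (<rdns or "unknown"> [<ip>])
    re.compile(r"from\s+(?P<helo>[^\s\[(]+)\s+\((?P<rdns>[^\s\[]+)\s+" + IP + r"\)"),
    # Exim-like, rDNS found: from <rdns> ([<ip>] helo=<helo>)
    re.compile(r"from\s+(?P<rdns>[^\s\[(]+)\s+\(" + IP + r"(?:\s+helo=(?P<helo>[^\s)]+))?\)"),
    # Exim-like, no rDNS: from [<ip>] (helo=<helo>)
    re.compile(r"from\s+" + IP + r"\s+\(helo=(?P<helo>[^\s)]+)\)"),
]

def parse_received(header):
    """Split one Received: header into the client's claim and the MTA's view."""
    for pattern in PATTERNS:
        m = pattern.search(header)
        if m:
            fields = m.groupdict()
            rdns = fields.get("rdns")
            if rdns == "unknown":      # Postfix-style marker for a failed lookup
                rdns = None
            # Exim-like headers leave out helo= when it equals the looked-up name.
            helo = fields.get("helo") or rdns
            return {"helo": helo, "rdns": rdns, "ip": fields["ip"]}
    return None

def classify(header):
    """Compare the HELO string (client-supplied) with the reverse-lookup name."""
    info = parse_received(header)
    if info is None:
        return "unparsed"
    if info["rdns"] is None:
        return "no-rdns"
    return "match" if info["helo"].lower() == info["rdns"].lower() else "mismatch"

# Constructed sample headers; host names and IP in the first two are taken from
# the SMTP session quoted in the message, the rest use documentation ranges.
SAMPLES = [
    "Received: from timr.in.probo.com (sub24-220.member.dsl-only.net [63.105.24.220])\n\tby mx.example.net with SMTP",
    "Received: from sub24-220.member.dsl-only.net ([63.105.24.220] helo=timr.in.probo.com)\n\tby mx.example.net with smtp",
    "Received: from mail.example.org (unknown [192.0.2.7]) by mx.example.net with SMTP",
    "Received: from mx.example.org ([198.51.100.9]) by mx.example.net with esmtp",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), parse_received(sample))
```

A "mismatch" here is the normal case the message describes (a workstation name behind an ISP-assigned address), so the result is context for reading headers rather than a verdict on the sender.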
