Off topic: smtp HELO question
matthew at FreeBSD.org
Mon Mar 6 17:15:35 UTC 2017
On 2017/03/06 16:56, Quartz wrote:
> By default, if you're behind a NAT, Thunderbird sends your local IP
> address as part of the 'hello' when connecting to a mail server, which
> then gets stamped into the header info for all to see as the email is
> sent down the chain.
> I'm trying to debug some email issues, and I suspect that this initial
> header might be part of my problems. I can configure Thunderbird to send
> an arbitrary string instead of a NAT IP via the
> mail.smtpserver.smtp*.hello_argument variable, but I'm not 100% sure
> what I can legitimately put here without getting my emails marked as
> spam. Does this field have to match the reverse-lookup up of the
> world-routable external IP that you send the email through, or can it be
> any arbitrary string that matches a domain name pattern? Can anyone
> point me to a resource that explains this in depth?
The HELO or EHLO name supplied by the sending side should match what is
returned by a reverse lookup on the IP the receiving side sees the
traffic coming from.
So if your NAT transforms internal addresses to W.X.Y.Z and a reverse
lookup 'host W.X.Y.Z' returns 'foo.example.com' then you should
configure your mail client to EHLO as 'foo.example.com'
Note however that this is not an absolute requirement -- whether a
receiving MTA checks this sort of thing is down to the individual
administrator. Most do, as it is a very cheap way to dump various types
In particular, for the specific case of a client program like
Thunderbird talking SMTP to a server via the Submission port (587) it is
rare to find this sort of check. For mail submission you generally
identify yourself by logging into the server after switching your
connection to TLS, which provides better proof of identity than forward
and reverse DNS checks. The HELO/EHLO name thing is much more important
for MTA to MTA transmission via port 25.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 972 bytes
Desc: OpenPGP digital signature
More information about the freebsd-questions