Off topic: smtp HELO question

Valeri Galtsev galtsev at kicp.uchicago.edu
Mon Mar 6 18:09:57 UTC 2017


On Mon, March 6, 2017 11:34 am, Quartz wrote:
>> So if your NAT transforms internal addresses to W.X.Y.Z and a reverse
>> lookup 'host W.X.Y.Z' returns 'foo.example.com' then you should
>> configure your mail client to EHLO as 'foo.example.com'
>
> OK thanks, that's kinda what I was expecting. Unfortunately for me, my
> external address floats around depending on what my ISP gives me, so I
> can't configure a static name in my client to match that. For now I'm
> trying to see what happens if I set it to the name of my domain I own,
> but the servers that host that aren't the ones I send mail through.

As Matthew said, a strict HELO requirement (i.e. checking that what your
client said indeed resolves to the IP this session comes from) can only be
requested by your server, and apparently your server (the way you connect
to it) does not require it. Whatever is said in that HELO will appear in
the very first (bottommost) "Received:" record of the message header. I
seriously doubt that there is a spam filter diligent enough to analyze the
match here.

However, your client, as your machine will not be able to resolve its IP
into a hostname, will just put the IP into HELO/EHLO, thus an IP in private
address space will be in the header, and some spam filters may add score
for a message passing through private IP space.

What to do if your NAT box has a DHCP connection and you indeed want to go
to that level of hassle? (I personally don't care, so my mail when I am at
home has a private IP in the header.) You can make a cron job, and keep
track of what real IP your laptop appears from (when you are behind NAT).
I had to do that for a couple of signage boxes that were getting DHCP
addresses (and I needed to connect to them). What I used was a simple PHP
script that I put on my server. I must have lifted it from somewhere
(can't remember offhand where from to add appropriate credit). Here is
the script:


cat checkip.php


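<?php

// Proxy headers are supplied by the client, so a value taken from them
// is used only if it is a syntactically valid IP address.
$ip = "";

if (!empty($_SERVER["HTTP_CLIENT_IP"]))
{
 // check for IP from shared internet
 $ip = $_SERVER["HTTP_CLIENT_IP"];
}
elseif (!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
{
 // check for the proxy user; the header may hold a comma-separated
 // list, so take the first entry
 $ip = trim(explode(",", $_SERVER["HTTP_X_FORWARDED_FOR"])[0]);
}

if (filter_var($ip, FILTER_VALIDATE_IP) === false)
{
 // no usable header value: fall back to the address of the TCP peer
 $ip = $_SERVER["REMOTE_ADDR"];
}
echo 'Current IP Address: ' . $ip;

?>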


Then on the laptop you can make a cron job to go to
http://your.server/checkip.php and parse the reply to extract the IP (which
will be the real network IP your NAT box has).


I hope this helps.

Valeri

>
>
>> For mail submission you generally
>> identify yourself by logging into the server after switching your
>> connection to TLS,
>
> I do use TLS, but what I'm trying to debug is not so much that the email
> service *I* use checks, but that the final receiving server scans
> through the headers and flags anything with a NAT address. I'm having
> intermittent problems with some of my mail being flagged as spam when I
> mail anyone at a local university and I'm not sure what's going on yet.


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
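
The laptop side of the cron job described in the message above, as an added example that is not part of the original post. It assumes the reply format printed by checkip.php, FreeBSD's fetch(1) and host(1), and the placeholder URL from the message; the function names are made up for this sketch.

```sh
#!/bin/sh
# Added example (not from the original post): laptop side of the cron job.
# CHECK_URL is the placeholder URL from the message; function names are hypothetical.
CHECK_URL="http://your.server/checkip.php"

# Print the IPv4 address from a reply like "Current IP Address: 203.0.113.7".
# Returns 1 unless the reply is that line with a well-formed, public address.
extract_ip() {
    ip=$(printf '%s\n' "$1" |
        sed -n 's/^Current IP Address: \(\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\)$/\1/p')
    [ -n "$ip" ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    # A private (RFC 1918) answer means the request never crossed the NAT.
    case $ip in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;
    esac
    printf '%s\n' "$ip"
}

# Print the PTR name from `host W.X.Y.Z` output, without the trailing dot.
parse_ptr() {
    printf '%s\n' "$1" |
        awk '/domain name pointer/ { sub(/\.$/, "", $NF); print $NF; found = 1; exit }
             END { exit !found }'
}

# From cron: checkip.sh --run   (prints the name the reverse lookup returns)
if [ "${1:-}" = "--run" ]; then
    reply=$(fetch -q -T 10 -o - "$CHECK_URL") || exit 1
    ip=$(extract_ip "$reply") || { echo "unusable reply from $CHECK_URL" >&2; exit 1; }
    parse_ptr "$(host "$ip")" || { echo "no PTR record for $ip" >&2; exit 1; }
fi
```

The printed name is what the reverse lookup returns for the NAT box's current address, which is the value the quoted advice says to use in EHLO.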

