Off topic: smtp HELO question

[RW]

On Mon, 6 Mar 2017 17:15:22 +0000
Matthew Seaman wrote:

> On 2017/03/06 16:56, Quartz wrote:
> > By default, if you're behind a NAT, Thunderbird sends your local IP
> > address as part of the 'hello' when connecting to a mail server,
> > which then gets stamped into the header info for all to see as the
> > email is sent down the chain.

This doesn't matter.

> > I'm trying to debug some email issues, and I suspect that this
> > initial header might be part of my problems. I can configure
> > Thunderbird to send an arbitrary string instead of a NAT IP via the
> > mail.smtpserver.smtp*.hello_argument variable, but I'm not 100% sure
> > what I can legitimately put here without getting my emails marked as
> > spam. Does this field have to match the reverse-lookup up of the
> > world-routable external IP that you send the email through, or can
> > it be any arbitrary string that matches a domain name pattern? Can
> > anyone point me to a resource that explains this in depth?  

> In particular, for the specific case of a client program like
> Thunderbird talking SMTP to a server via the Submission port (587) it
> is rare to find this sort of check.  For mail submission you generally
> identify yourself by logging into the server after switching your
> connection to TLS, which provides better proof of identity than
> forward and reverse DNS checks.  The HELO/EHLO name thing is much
> more important for MTA to MTA transmission via port 25.

There is an exception to that.

The RFC allows a fully qualified domain name or an IP address in square
brackets. A "bare" IP address, without the backets, would be an RFC
violation. SpamAssassin has rules that will punish this heavily, even on
a deep received header.

I don't know if its even possible, but it wouldn't be a good idea to
make Thunderbird use an alternate IP address as a helo if it doesn't
end-up inside brackets.