Subject: Re: HELO is CNAME -> reject ??
From: Bodo Moeller (bmcdc.informatik.tu-darmstadt.de)
Date: Tue Apr 11 2000 - 06:59:58 CDT


On Mon, Apr 10, 2000 at 05:20:59PM +0200, Ralf Hildebrandt wrote:
> On Mon, Apr 10, 2000 at 10:55:04AM -0400, Vivek Khera wrote:

>>> But RFC 1123 5.2.5 also says

>>> However, the receiver MUST NOT refuse to accept a message, even if the
>>> sender's HELO command fails verification.

>> Obviously written in the days before wide-spread SPAM.

> Doesn't RFC mean "Request for comment"?
> So how can we comment on this or e.g. contradictions in general?

It's not a contradiction, it's the old principle "Be liberal in what
you accept, and conservative in what you send" (see, e.g., section 2.9
of RFC 2360 [= BCP 22]). In this case, a positive effect of the "MUST
NOT refuse" is to limit service disruptions when configuration changes
are badly coordinated (e.g., without paying proper attention to DNS
TTL values, or without verifying that all secondary DNS servers really
have obtained the new zone files [note that you cannot rely on the SOA
"refresh" parameter, you'd have to wait for "expire" to make sure]).
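
An added example, not part of the original message or of any mail server's code: HELO verification that follows RFC 1123 5.2.5 by recording the result and still accepting the message, including the CNAME case from the subject line. The DNS table, the function names and the `X-HELO-Check` header are assumptions made for illustration.

```python
# Added example: verify the HELO argument, annotate the result, never refuse.
# ZONE is constructed sample DNS data (documentation names and addresses).
ZONE = {
    ("mail.example.org", "A"): ["192.0.2.10"],
    ("smtp.example.org", "CNAME"): ["mail.example.org"],
    ("old.example.org", "A"): ["192.0.2.99"],  # stale record after a renumbering
}


def resolve_helo(name, zone, max_chain=8):
    """Follow CNAMEs from name to its A records. Returns (addresses, saw_cname)."""
    name = name.rstrip(".").lower()
    saw_cname = False
    for _ in range(max_chain):
        cname = zone.get((name, "CNAME"))
        if not cname:
            return zone.get((name, "A"), []), saw_cname
        saw_cname = True
        name = cname[0].rstrip(".").lower()
    return [], saw_cname  # chain too long or looping: treat as unresolvable


def check_helo(helo, client_ip, zone=ZONE):
    """Classify the HELO argument; the action is always 'accept' (RFC 1123 5.2.5)."""
    if helo.startswith("[") and helo.endswith("]"):
        # Address literal such as [192.0.2.10]: compare directly, no DNS lookup.
        status = "match" if helo[1:-1] == client_ip else "mismatch"
    else:
        addrs, saw_cname = resolve_helo(helo, zone)
        if not addrs:
            status = "unresolvable"
        elif client_ip in addrs:
            status = "match-via-cname" if saw_cname else "match"
        else:
            status = "mismatch"
    # A failed verification is recorded for logging or scoring, not used to refuse.
    return {
        "action": "accept",
        "helo_status": status,
        "header": f"X-HELO-Check: {status} (helo={helo} client={client_ip})",
    }
```

The `old.example.org` entry models the badly coordinated change described above: the host has moved, a stale record is still being served, and the message is accepted with a `mismatch` annotation instead of being bounced.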