OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: why does postfix say helo=<127.0.0.1>? [SOLVED]

From: AlxFrag (alxfraggmail.com)
Date: Thu Dec 20 2007 - 01:59:06 CST

mouss wrote:
> Bill Cole wrote:
>> At 12:36 PM +0100 12/19/07, mouss wrote:
>>> AlxFrag wrote:
>>>> Erwan David wrote:
>>>>> Le Wed 19/12/2007, AlxFrag disait
>>>>>
>>>>>> Thanks for the help. I blamed postfix for saying helo=127.0.0.1.
>>>>>> After a more careful investigation i realised that my thunderbird
>>>>>> mail client says helo using the loopback device, don't know why.
>>>>>>
>>>>>
>>>>> Normal if you configured it to use localhost as outgoing server.
>>>>>
>>>>>
>>>> As outgoing SMTP server i've specified the domain name of my mail
>>>> server, not the localhost.
>>>
>>> The question is to which IP it connects? If it connects to
>>> 127.0.0.1, it will use [127.0.0.1].
>>>
>>> The problem is that MUAs don't offer a way to chose the helo name,
>>> and even if they did, how many people would know what that means. On
>>> windows, many MUAs use the NetBIOS name (even some servers do;-p).
>>> using a literal IP is still better (it's valid according to the RFCs).
>>>
>>> but MUAs use an MSA to send their mail, so nobody should care about
>>> their helo.
>>
>> That's not really a valid excuse. Some MUA's (e.g. Eudora) have ways
>> to set the HELO name they use and there are reasonable strategies for
>> figuring out a non-braindead HELO most of the time.
>
> so let's see how a MUA can find its helo name if not explictely
> configured.
>
> 1- If the MUA reaches the MSA via a NAT box (or if the MAU host does
> NAT), there is no way to get the IP as seen by the MSA, and whatever
> strategy you use is futile.
>
> 2- If smtp flow is redirected to an anti-virus/filter/... on the same
> box (or another), it is not obvious to guess the IP that will be used
> to reach the MSA (unless when the anti-virus/filter/... is
> "transparent". This won't be the case if using ipfilter rdr for
> instance, unless you compile the MUA to be aware of ipfilter...).
>
> 3- Assuming there is no NAT and no filter, the MUA must still find the
> source IP. This requires that the MUA is developped using an API that
> provides this information. assuming this is the case (MUA using BSD
> sockets for instance), this requires an additionnal block of code
> (which may contain some ifdef stuff to cope with system variations).
> All this for what benefit?
>
> 4- let's say it got the "right" IP. it can use a literal IP then. but
> let's say we want a name. now, the MUA need to do a reverse dns
> lookup. let's even assume that dns implementation is stable (/flushdns
> anyone?). you now need the IPs to be registered correctly. Given that
> this is still not correctly done on the public Internet, why would I
> require that in a private AN?
>
> 5- and since the host is a desktop, its IP and name may change
> "without notice". so the MUA needs to perform this stuff all over
> again...
>
> I have nothing against a MUA that implements this correctly, but until
> this is integrated in DHCP (or any mechanism that allows the client to
> get its helo name from a server), I won't care.
>
> For mail servers, helo may be used to detect loops, to detect broken
> ratware/spam, or to "identify" hops when tracing a mail. In the case
> of a MUA, the recommended practice is to enforce authentication and
> you don't need to care about helo/ehlo (except as a way to "negociate"
> smtp extensions).
>
>> *ANY* MUA can be smart enough to never use '[127.0.0.1]' and there's
>> always some better
>> choice: either 'localhost' for connections on the loopback
>
> What makes 'localhost' better than '[127.0.0.1]'?
>
>
>> or an IP literal matching the IP used for the connection (which is
>> better than a loopback IP literal even if it is an address that is
>> going to get NAT'ed into irrelevance.)
>
> As you can see from the headers of my email, Thunderbird does use the
> IP it connects with. If you tell it to connect to 10.1.2.3, it will
> use [10.1.2.3]. if you tell it to connect to 127.0.0.1, it will use
> [127.0.0.1]. OP may have the server name in his /etc/hosts on the
> 127.0.0.1 line, or have an IP redirection mechanism that affects the
> socket IPs, ... etc.
>
>
>
>
I'm using Thunderbird on Windows XP machine, i'm also using a static IP
address. I've used the default installation for thunderbind and i've
never told it to use the loopback interface.
I know i might a bit off-topic posting to this list but, if anyone knows
how i can force my client to use the proper IP address i'd be grateful.

Alex