OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: why does postfix say helo=<127.0.0.1>? [SOLVED]

From: AlxFrag (alxfraggmail.com)
Date: Thu Dec 20 2007 - 02:28:15 CST

Matthias Haegele wrote:
> AlxFrag schrieb:
>> mouss wrote:
>>> Bill Cole wrote:
>>>> At 12:36 PM +0100 12/19/07, mouss wrote:
>>>>> AlxFrag wrote:
>>>>>> Erwan David wrote:
>>>>>>> Le Wed 19/12/2007, AlxFrag disait
>>>>>>>
>>>>>>>> Thanks for the help. I blamed postfix for saying helo=127.0.0.1.
>>>>>>>> After a more careful investigation i realised that my
>>>>>>>> thunderbird mail client says helo using the loopback device,
>>>>>>>> don't know why.
>>>>>>>>
>>>>>>>
>>>>>>> Normal if you configured it to use localhost as outgoing server.
>>>>>>>
>>>>>>>
>>>>>> As outgoing SMTP server i've specified the domain name of my mail
>>>>>> server, not the localhost.
>>>>>
>>>>> The question is to which IP it connects? If it connects to
>>>>> 127.0.0.1, it will use [127.0.0.1].
>>>>>
>>>>> The problem is that MUAs don't offer a way to chose the helo name,
>>>>> and even if they did, how many people would know what that means.
>>>>> On windows, many MUAs use the NetBIOS name (even some servers
>>>>> do;-p). using a literal IP is still better (it's valid according
>>>>> to the RFCs).
>>>>>
>>>>> but MUAs use an MSA to send their mail, so nobody should care
>>>>> about their helo.
>>>>
>>>> That's not really a valid excuse. Some MUA's (e.g. Eudora) have
>>>> ways to set the HELO name they use and there are reasonable
>>>> strategies for figuring out a non-braindead HELO most of the time.
>>>
>>> so let's see how a MUA can find its helo name if not explictely
>>> configured.
>>>
>>> 1- If the MUA reaches the MSA via a NAT box (or if the MAU host does
>>> NAT), there is no way to get the IP as seen by the MSA, and whatever
>>> strategy you use is futile.
>>>
>>> 2- If smtp flow is redirected to an anti-virus/filter/... on the
>>> same box (or another), it is not obvious to guess the IP that will
>>> be used to reach the MSA (unless when the anti-virus/filter/... is
>>> "transparent". This won't be the case if using ipfilter rdr for
>>> instance, unless you compile the MUA to be aware of ipfilter...).
>>>
>>> 3- Assuming there is no NAT and no filter, the MUA must still find
>>> the source IP. This requires that the MUA is developped using an API
>>> that provides this information. assuming this is the case (MUA using
>>> BSD sockets for instance), this requires an additionnal block of
>>> code (which may contain some ifdef stuff to cope with system
>>> variations). All this for what benefit?
>>>
>>> 4- let's say it got the "right" IP. it can use a literal IP then.
>>> but let's say we want a name. now, the MUA need to do a reverse dns
>>> lookup. let's even assume that dns implementation is stable
>>> (/flushdns anyone?). you now need the IPs to be registered
>>> correctly. Given that this is still not correctly done on the public
>>> Internet, why would I require that in a private AN?
>>>
>>> 5- and since the host is a desktop, its IP and name may change
>>> "without notice". so the MUA needs to perform this stuff all over
>>> again...
>>>
>>> I have nothing against a MUA that implements this correctly, but
>>> until this is integrated in DHCP (or any mechanism that allows the
>>> client to get its helo name from a server), I won't care.
>>>
>>> For mail servers, helo may be used to detect loops, to detect broken
>>> ratware/spam, or to "identify" hops when tracing a mail. In the case
>>> of a MUA, the recommended practice is to enforce authentication and
>>> you don't need to care about helo/ehlo (except as a way to
>>> "negociate" smtp extensions).
>>>
>>>> *ANY* MUA can be smart enough to never use '[127.0.0.1]' and
>>>> there's always some better
>>>> choice: either 'localhost' for connections on the loopback
>>>
>>> What makes 'localhost' better than '[127.0.0.1]'?
>>>
>>>
>>>> or an IP literal matching the IP used for the connection (which is
>>>> better than a loopback IP literal even if it is an address that is
>>>> going to get NAT'ed into irrelevance.)
>>>
>>> As you can see from the headers of my email, Thunderbird does use
>>> the IP it connects with. If you tell it to connect to 10.1.2.3, it
>>> will use [10.1.2.3]. if you tell it to connect to 127.0.0.1, it will
>>> use [127.0.0.1]. OP may have the server name in his /etc/hosts on
>>> the 127.0.0.1 line, or have an IP redirection mechanism that affects
>>> the socket IPs, ... etc.
>>>
>>>
>>>
>>>
>> I'm using Thunderbird on Windows XP machine, i'm also using a static
>> IP address. I've used the default installation for thunderbind and
>> i've never told it to use the loopback interface.
>> I know i might a bit off-topic posting to this list but, if anyone
>> knows how i can force my client to use the proper IP address i'd be
>> grateful.
>
> MUA TB: Look for smtp Properties for your account.
> Servername: yourservername or Ip-Adress
> (Note that i am using the german version of TB so i dont know the
> exact names)
>
>
>
>> Alex
>
>
i've checked it, everything looks fine. I've also checked the postfix
logs regarding my client. Client's IP (found in the logs) is fine but,
the helo name is not.