[RCU] Misconfigured Mailing List DNS

roundcube at ptld.com roundcube at ptld.com
Sun Aug 15 20:12:20 CEST 2021


> and there is no requirement to do so - the only requirement is that
> the hostname exists in DNS

And that is not actually true. RFC-821 Section 3.5 says:
"The sender-SMTP MUST ensure that the <domain> parameter in a HELO 
command is a valid principal host domain name for the client host."

Key words... "MUST" and "for the client host" meaning FCrDNS. Since RFC 
purists want to be literal, it literally *IS* a requirement to have a 
valid FCrDNS for HELO FQDN.

Now comes the rub, the RFCs then say that:
"the receiver MUST NOT refuse to accept a message, even if the sender's 
HELO command fails verification"

So I can see why you say it's not a requirement. But it is.

If people are going to be RFC zealots then no one would be allowed to 
use a RBL list for fighting spam. A spammer checks all of the boxes on 
the list of requirements for a valid email, but people still choose to 
block email on RBL list going against the RFCs. If you are using 
SpamAssassin you are violating the RFCs. So I'm tired of hearing that 
defense against common sense approaches that do not violate the RFC in 
spirit.


> because 2 days later you have your own customer on the phone why he
> can't deliver any longer mails to you

Why so? Your customers should be using a submission port for sending 
emails. That is what submission ports are for. You would not enforce any 
kind of PTR, HELO or FCrDNS on a submission port because you know those 
are coming from customers (residential ISP connections) *AND* you are 
using SASL authentication instead. People using an IMAP/POP3 client 
should not be directly connecting to a mail server's port 25 which is 
where you would be enforcing FCrDNS.


> frankly there is nothing wrong with the setup at all

Disagree, they are violating RFC-821 Section 3.5. Just because the RFCs 
then tell receiving servers to not enforce it doesn't mean they aren't 
violating the RFCs.


> if you have problems with receiving mails from there it's your stubborn 
> setup

Your logic is the same as saying just because a city DA office makes a 
policy not to prosecute shoplifters does that mean shoplifting is now 
legal? And there is nothing wrong with it? I'd hope people would still 
follow the spirit of the law, not shoplift, consider the impacts of 
their choices on the rest of the world and stop to ask, just because we 
could, does it mean we should. Yes you COULD violate RFC-821 Section 
3.5, the RFC police won't arrest you. But should you when it's so easy not 
to? What are you gaining by NOT having proper FCrDNS?
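
The check and the port split discussed in the message above, as an added example that is not part of the original post. The DNS tables are constructed stand-ins for real PTR and A lookups, the function names are hypothetical, and 587 is assumed as the submission port.

```python
import ipaddress

# Constructed DNS data (documentation address ranges); replace with real lookups.
PTR = {
    "192.0.2.25": ["mail.example.org"],
    "198.51.100.7": ["host7.isp.example"],
    "203.0.113.9": [],                      # sending host with no PTR record
}
ADDR = {
    "mail.example.org": ["192.0.2.25"],
    "alias.example.org": ["192.0.2.25"],    # forward record only, no matching PTR
    "host7.isp.example": ["198.51.100.7"],
    "lists.example.net": ["203.0.113.50"],  # resolves, but not to the sending IP
}

def _norm(name):
    """DNS names compare case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def fcrdns_names(ip, ptr=PTR, addr=ADDR):
    """Return the PTR names of ip whose forward lookup contains ip again."""
    ip = str(ipaddress.ip_address(ip))
    return [_norm(n) for n in ptr.get(ip, []) if ip in addr.get(_norm(n), [])]

def check_helo(ip, helo, ptr=PTR, addr=ADDR):
    """Classify the HELO name against the connecting address."""
    ip, helo = str(ipaddress.ip_address(ip)), _norm(helo)
    if helo not in addr:
        return "helo-unresolvable"
    if ip not in addr[helo]:
        return "helo-mismatch"        # name exists in DNS, but is not this client
    if helo in fcrdns_names(ip, ptr, addr):
        return "fcrdns-ok"
    return "helo-forward-only"        # HELO -> IP holds, IP -> HELO does not

def decide(port, authenticated, ip, helo):
    """Enforce FCrDNS on port 25 only; submission relies on SASL instead."""
    if port == 587:                   # assumed submission port
        return "accept" if authenticated else "reject: auth required"
    result = check_helo(ip, helo)
    return "accept" if result == "fcrdns-ok" else "reject: " + result

if __name__ == "__main__":
    for args in [(25, False, "192.0.2.25", "mail.example.org"),
                 (25, False, "203.0.113.9", "lists.example.net"),
                 (587, True, "198.51.100.7", "laptop.local")]:
        print(args, "->", decide(*args))
```

The "helo-mismatch" case is the one the thread argues about: the HELO name exists in DNS, which satisfies the quoted position, but it does not point back at the connecting host.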

