Howdy ghettoboy,
You can find the referenced RFC 1123 in several places.
This copy is from the freesoft.org website.
http://www.freesoft.org/CIE/RFC/1123/90.htm
RFC 1123 - 5.2.5 HELO Command: RFC-821 Section 3.5
"The sender-SMTP MUST ensure that the <domain> parameter in
a HELO command is a valid principal host domain name for the
client host. As a result, the receiver-SMTP will not have to
perform MX resolution on this name in order to validate the
HELO parameter.
The HELO receiver MAY verify that the HELO parameter really
corresponds to the IP address of the sender. However, the
receiver MUST NOT refuse to accept a message, even if the
sender's HELO command fails verification."
My reading of the above indicates you may not do what you
are proposing because of the second paragraph above. The
first part of the second sentence in that paragraph is what
makes it against RFC 1123:
"... the receiver MUST NOT refuse to accept a message ..."
I read this to mean you must not refuse a message based on
anything, including an invalid FQDN, in the HELO line.
Further, RFC 1123 suggests what to do instead.
"When HELO parameter validation fails, a suggested procedure
is to insert a note about the unknown authenticity of the
sender into the message header (e.g., in the "Received:" line)."
This cr.yp.to web page, however tersely, supports my reading.
http://cr.yp.to/smtp/helo.html
"RFC 1123 prohibits HELO-based rejections."
There are other reasons, other than the RFC, why you should
not do such an implementation. You should read this Python
patches thread for a discussion on this subject.
http://mail.python.org/pipermail/patches/2002-March/007719.html
"Resolving the name it's a very bad idea ..."
This Internet Engineering Task Force (IETF) discussion speaks
to more reasons why you do not want to take this approach.
http://www1.ietf.org/mail-archive/working-groups/asrg/current/msg07118.html
"I specifically mentioned cable/dsl customers because lack
of understanding isn't their problem. They cannot set up
rDNS themselves ..."
So, there might be conditions wherein someone is placed in
a situation where they don't have a Fully Qualified Domain
Name (FQDN) or way to resolve out their IP, etc. You wouldn't
want to terminate their connections through no fault of their
own.
If you need any clarification, feel free to ask.
Search Strategy:
Personal experience as a former ISP owner/operator, which
means I can look at an RFC without my head exploding.
Google search on: RFC HELO
://www.google.com/search?q=RFC+HELO
Looking Forward, denco-ga
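
The procedure RFC 1123 suggests in the answer above (verify the HELO parameter, accept the message either way, and record a failed check in the "Received:" line), sketched in Python as an added example that is not part of denco-ga's answer. The function names, the wording of the header note, the host name mx.example.com and the SAMPLE_DNS table are assumptions constructed for illustration; a real receiver would pass its own DNS lookup as `resolve`.

```python
import ipaddress
import re

# Constructed forward-DNS data (documentation address ranges) so this runs offline.
SAMPLE_DNS = {"mail.example.org": ["192.0.2.25"], "mx.example.net": ["198.51.100.7"]}

_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def looks_like_fqdn(name):
    """Syntax check only: two or more valid labels, at most 253 characters."""
    name = name.rstrip(".")
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(_LABEL.fullmatch(l) for l in labels)


def verify_helo(helo, peer_ip, resolve):
    """Classify the HELO parameter against the connecting IP address."""
    peer = ipaddress.ip_address(peer_ip)
    if helo.startswith("[") and helo.endswith("]"):  # address literal
        literal = helo[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            return "verified" if ipaddress.ip_address(literal) == peer else "mismatch"
        except ValueError:
            return "malformed"
    if not looks_like_fqdn(helo):
        return "not-fqdn"
    addrs = resolve(helo.rstrip(".").lower()) or []
    if not addrs:
        return "unresolvable"
    return "verified" if any(ipaddress.ip_address(a) == peer for a in addrs) else "mismatch"


def handle_helo(helo, peer_ip, our_name, resolve=SAMPLE_DNS.get):
    """Return (SMTP reply, Received: line). The reply is 250 whatever the verdict."""
    status = verify_helo(helo, peer_ip, resolve)
    note = "" if status == "verified" else f" (HELO unverified: {status})"
    # The HELO string is client-controlled: keep only host-name and address-literal
    # characters so it cannot inject CR/LF, header fields or unbalanced comments.
    safe = re.sub(r"[^A-Za-z0-9.:\[\]-]", "?", helo)
    return f"250 {our_name}", f"Received: from {safe} ([{peer_ip}]){note} by {our_name}"
```

The verdict only changes the trace header, so a cable/DSL sender without an FQDN still gets its mail delivered while downstream filters can see that the HELO name was not verified.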