Mailing List SIMS@mail.stalker.com Message #9552
From: Bill Cole <listbill@scconsult.com>
Subject: Re: "your name is not...."
Date: Fri, 9 Nov 2001 19:57:02 -0500
To: SIMS Discussions <SIMS@mail.stalker.com>
At 12:03 PM -0600 11/6/01, Michael A. Pasek  imposed structure on a stream of electrons, yielding:
While doing some packet sniffing to look at the "220-Stalker...." message,
I noticed the following (">" is _to_ SIMS, "<" is _from SIMS):
  < 220-Stalker Internet Mail Server v1.7 is ready.
  < 220 ESMPT is spoken here.
  > HELO lalonde.michael-pasek.net
  < 250 voidhawk.michael-pasek.net your name is not lalonde.michael-pasek.net

BUT IT IS!  The IP address in the packet (10.10.20.1) resolves correctly
to that name.


But whoever owns that domain says that its address is 216.17.75.210.

(I am guessing that might be you...)

SIMS doesn't do reverse lookups, because reverse lookup are generally meaningless. SIMS already knows that you are using that IP address, so there's a reasonably good chance that you can make the reverse lookup say whatever you want it to say. The HELO argument check is a forward lookup to verify whether you MIGHT be lying about your name: if it checks out then it is certain that whoever controls the name agrees with the user of the IP address on that mapping.


I never looked at the exchange at this level before, because
it wasn't necessary (everything is working).  I should point out that my
SIMS _only_ receives mail, it does not send any (except "bounce" and
"return receipt" messages), and is not directly-connected to the Internet.
All mail first goes through a Sendmail -- or two -- on my firewall, which
then forwards to SIMS.  The firewall is, in fact, lalonde.michael-pasek.net.

Is this something that was fixed in a later version of SIMS ?

No need for a fix. It is not broken.

The only impact of that check failing is that any Received headers SIMS adds to mail on that session will say "from <ip> (HELO <name>)" instead of "from <name> (<ip> verified)" If you really want it to not scold you, you can fix it in DNS.


 I know, I
should upgrade to 1.8b8, but hey....it's working!.  And I'm a firm believer
in "If it ain't broke, don't fix it".  Besides, if I spent my time upgrading
SIMS, I wouldn't have time to read (and write verbose responses to) the
SIMS List.....


Given your protected situation, SIMS 1.7 is not broken (since the only changes I can recall are meaningless to a protected machine) but the upgrade takes about 20 seconds longer than the download time. And it won't change this behavior.
--
Bill Cole                                  bill@scconsult.com

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster