[Patches] [ python-Patches-497736 ] smtplib.py SMTP EHLO/HELO correct
noreply@sourceforge.net
noreply@sourceforge.net
Sun, 24 Mar 2002 07:37:18 -0800
Patches item #497736, was opened at 2001-12-30 01:20
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=305470&aid=497736&group_id=5470
Category: Library (Lib)
Group: Python 2.3
>Status: Closed
>Resolution: Rejected
Priority: 5
Submitted By: Eduardo Pérez (eperez)
Assigned to: Neil Schemenauer (nascheme)
Summary: smtplib.py SMTP EHLO/HELO correct
Initial Comment:
If the machine from you are sending mail doesn't have a
FQDN and the mail server requires a FQDN in HELO the
current code will fail.
Resolving the name it's a very bad idea:
- It's something from other layer (DNS/IP) not from SMTP
- It breaks when the name of the computer is not FQDN
(as many dial-ins do) and the SMTP server does strict
EHLO/HELO checking as stated before.
- It breaks computers with a TCP tunnel to another host
from the connection is originated if the relay does
strict EHLO/HELO checking.
- It breaks computers using NAT, the host that sees the
server is not the one that sends the message if the
relay does strict EHLO/HELO checking.
- It's considered spyware as you are sending
information some companies or people don't want to say:
the internal structure of the network.
No important mail client resolves the name. Look at
netscape messenger or kmail. In fact kmail and perl's
Net::SMTP does exactly what my patch does.
Please don't resolve the names, as this approach works
and the most used email clients do this.
I send you the bugfix.
----------------------------------------------------------------------
>Comment By: Neil Schemenauer (nascheme)
Date: 2002-03-24 15:37
Message:
Logged In: YES
user_id=35752
I'm rejecting this patch. RFC 1123 requires that name
sent after the HELO verb is "a valid principal host domain
name for the client host". While RFC 1123 goes on to prohibit
HELO-based rejections it is possible that some servers do
reject mail based on HELO. Thus, changing the hostname
sent to "localhost.localdomain" could potentially break
scripts that currently work.
The concern raised is still valid however. Finding the
FQDN using gethostbyname() is unreliable. To address this
concern I've added a "local_hostname" argument to the
SMTP __init__ method. If provided it is used as the local
hostname for the HELO and EHLO verbs.
----------------------------------------------------------------------
Comment By: Guido van Rossum (gvanrossum)
Date: 2002-03-24 12:06
Message:
Logged In: YES
user_id=6380
Since Barry has not expressed any interest in this patch,
reassigning to Neil, and set status to Accepted.
----------------------------------------------------------------------
Comment By: Neil Schemenauer (nascheme)
Date: 2002-03-24 01:42
Message:
Logged In: YES
user_id=35752
This patch looks correct in theory to me. Trying to find
the FQDN is wrong, IMHO.
----------------------------------------------------------------------
Comment By: Guido van Rossum (gvanrossum)
Date: 2001-12-30 02:24
Message:
Logged In: YES
user_id=6380
Seems reasonable to me, but I lack the SMTP knowledge to
understand all the issues. Assigned to Barry Warsaw for
review. (Barry: Eduardo found a similar privacy violation
in ftplib, which I fixed. You might also ask Thomas Wouters
for a review of the underlying idea.)
----------------------------------------------------------------------
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=305470&aid=497736&group_id=5470