Web lists-archives.com

Re: reportbug - debian SMTP HELO forged




On Thu 24/May/2018 03:33:52 +0200 bw wrote: 
> On Thu, 24 May 2018, Ben Caradoc-Davies wrote:
>> On 24/05/18 12:40, bw wrote:
>>> Okay, I must have something misconfigured.

Yes, ~/.reportbugrc

>>> [...]
>>> Connecting to packages.debian.org via SMTP...
>>> SMTP send failure: {'menu@xxxxxxxxxxxxxxxxxxx': (550, b'HELO mismatch
>>> Forged HELO for ([127.0.0.1])')}.

That message was issued by the Debian SMTP server.

[127.0.0.1] is a typical client HELO.  In particular, it is what you get by:

   printf 'import socket\nprint socket.getfqdn()\n'|python

Submission clients later authenticate using a password, a certificate, or a
well known (to the server) IP address.  Email submission is different from
server relaying, where authentication can use SPF HELO, DKIM, and the like.

You should send mail through Yahoo! mail submission service, like Ben exemplified:

>> I send mail via my mail hosting provider's MTA to ensure HELO matches.
>> 
>> This is my ~/.reportbugrc, rewritten to use your address and the Yahoo SMTP
>> server. You can also try port 465 if this does not work:
>> 
>> [...]
>> smtphost "smtp.mail.yahoo.com:587"
>> smtptls
>> smtpuser "bwtnguy@xxxxxxxxx"
>> smtppasswd "YOUR_YAHOO_PASSWORD_GOES_HERE"

(I only kept the lines describing the SMTP host connection)

> smtphost reportbug.debian.org

The above line triggers special hacks to allow the so called direct-to-mx
sending, an unauthenticated technique chiefly used by spammers.  It may work if
you configure your sockets so as to mimic a credible mail server.  That is,
have the above command return a FQDN, possibly resolving to the IP address
you're going to use.  However, that technique supports neither external CC:
addresses nor copy-to-sent-folder.

hth
Ale