The lost Bostonian (firstname.lastname@example.org)
Tue, 30 Sep 86 10:29:00 PDT
> From: Mark Crispin <MRC@SIMTEL20.ARPA>
> The Internet protocols are insecure by nature. A reasonably suspicious
> host should always record the host name or IP address of the how which
> actually connected to the SMTP server (the real host, not what was
> claimed in a HELO).
If it is true that all IP implementations enable a server program to
determine the IP address of its peer, then the HELO command, and its
response could be eliminated, which would save us a few bytes.
Certainly the response to the HELO is not necessary, since the server
has already identified itself in the opening greeting.
However, I quote from RFC 821, the explanation for HELO:
This command and an OK reply to it confirm that both the
sender-SMTP and receiver-SMTP are in the initial state,
that is, there is no transaction in progress and all state
tables and buffes are cleared.
I do not see that there would be a big problem of detecting the initial
state without a HELO. Other protocols (FTP, NNTP) don't use it.
This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:36:58 GMT