Is customizing EHLO per return-path possible or practical?

mychrislo · ‎01-14-2011

It looks like to me certain reputation method use the EHLO hostname to match the return-path domain part or the From: domain part.

Can I do that customization in C series? Say, via outbound content filter?

Or should I just no need to worry about remote mta who does this checking?

Is SenderID (hotmail) using one of the above technique?

In fact, after researching for a while. Making SPF and DKIM is not hard. But how to do spf2.0/pra in ironport?

Many thanks.

Chris Lo

Andreas Mueller · ‎01-17-2011

Hello Chris,

firt of, matching the ehlo hostname is not an option in AsyncOS that you can configure in a policy or a filter. I think the main reason for this is that most senders (or at least a high percentage) use the outbound gateway of their ISP to deliver email from their local network. As ISPs usually server multiple domains, there is a good chance that the ehlo hostname won't match with the message sender or the reply to. In your case using the Cisco IronPort as the delivery gateway, you'd indeed ensure that the hostname you define for your delivery interface matches your domain (if you got only one, that is), to prevent trouble with recipients who have such checks in place.

About SenderID, this is basically an extension of the SPF standard (still in an experimental RFC I think), which does an additional check on the actual mail headers. And indeed used by Hotmail as a couple of articles in various ezines state:

http://news.techworld.com/security/3908/microsoft-forces-sender-id-on-hotmail-users/

Cisco IronPort currently does not perform spf2.0/pra checks, and I cannot really think about a way to emulate that, at least not for inbound messages.

Hope that helps,

Andreas