Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Using smtp_host as EHLO argument is not a good idea. #3997
The parameter after HELO should identify the system sending the email. So a externally addressable domain should be used.
SMF should not use localhost because a lot of spam software does that, and the sending email will likely be marked as spam.
From RFC 2821:
Superceded in https://tools.ietf.org/html/rfc5321#section-184.108.40.206 and https://tools.ietf.org/html/rfc5321#section-3.2 but they all say the same thing.
In an ideal world you would quit if the $helo was empty as the other checks before this point should not fail, but I left that check in to ensure backwards compabitibilty with the older SMF 2.0.x codebase.
Reviewing this code
We try with 3 different methods to obtain the server name. If all else fails we fall back to smtp_host specified.
Honestly I don't know how much more we can try to get the server name. About the only other thing we could do is determine if we are being a proxy and if so look for a HTTP_X_FORWARDED_HOST header. After that we have no other way to determine the current hostname.
While there is a RFC, our software is doing its best to determine who it is and at least attempting to prevent sending as localhost. However with SPF records nowadays, I suspect using the smtp_host will fail with major email providers nowadays.
The only other option is to allow user provided input, but that won't solve anything if they are failing SPF checks still because the hostname and IP they are sending as don't match valid SPF records.