helo.check forward_dns is ignored

[brutus]

Describe the bug

When using the helo.checks plugin with forward_dns=true I observed this behavior: Sending HELO google.de once fails with 550 HELO host has no forward DNS match as expected. Sending it again, let's me proceed and queue a mail.

Is this expected? Or am I missing something?

Expected behavior

Sending HELO with a host without a forward DNS match keeps being rejected with 550 HELO host has no forward DNS match.

Observed behavior

Sending HELO with a host without a forward DNS match is accepted.

Steps To Reproduce

I compiled some additional information in this gist.

[me@myshellhost ~]$ telnet stardust.uberspace.de 25
Trying 35.195.215.42...
Connected to stardust.uberspace.de.
Escape character is '^]'.
220 stardust.uberspace.de ESMTP Haraka/2.8.28 ready
HELO google.de
550 HELO host has no forward DNS match
HELO google.de
250 stardust.uberspace.de Hello [165.22.79.242]Haraka is at your service.

System Info:

Haraka	Haraka.js — Version: 2.8.28
Node	v16.14.2
OS	Linux stardust.uberspace.de 3.10.0-1160.59.1.el7.x86_64 #1 SMP Wed Feb 23 16:47:03 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
openssl	OpenSSL 1.0.2k-fips 26 Jan 2017

[msimerson]

Short version: it's a bug. We are plumbing the depths of my memory, IIRC, a reason that multi test exists is for port 587 users. They would connect, EHLO, STARTTLS, and then EHLO again. Any DNS slowness penalized them twice. But as your example points out, it also opens a barn door. Removing the multi check (see #3041) fixes that, but there might other reasons we had that in there.

[brutus]

Hi @msimerson, thanks for the quick PR. I'm not fluent enough in the codebase to judge the impact but, I'm glad to see this tackled.