Postfix reject HELO from sub-doman, as if it is main domain?

Thu, 26 Mar 2009 13:30:41 -0700 

Hello, postfix.

  I have many virtual domains, stored in MySQL database. To reject
some spam I check all HELOs not to be any of my domain (because it is
fake HELOs for sure). I have such check written like this:

smtpd_helo_restrictions      = permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_invalid_helo_hostname,
                               reject_non_fqdn_helo_hostname,
                               reject_unknown_helo_hostname,
                               check_helo_access 
mysql:$config_directory/virtual_all_domains.cf,
                               permit

virtual_all_domains.cf contains this SQL statement:

query = SELECT "550 Invalid HELO: it is me!" FROM domain WHERE name = '%s' AND 
active;

Ok. It works. For example, here is 'serebryakov.spb.ru' domain in
database, and it is active. Postfix rejects mail from such HELO:

==================================================================================
> telnet mail.serebryakov.spb.ru 25
Trying 195.131.4.140...
Connected to mail.serebryakov.spb.ru.
Escape character is '^]'.
220 ftp.translate.ru ESMTP Postfix (2.5.6)
EHLO serebryakov.spb.ru
250-ftp.translate.ru
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH DIGEST-MD5 CRAM-MD5 NTLM RPA
250-AUTH=DIGEST-MD5 CRAM-MD5 NTLM RPA
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: <b...@rejected.com>
250 2.1.0 Ok
RCPT TO: <l...@serebryakov.spb.ru>
550 5.7.1 <serebryakov.spb.ru>: Helo command rejected: Invalid HELO: it is me!
==================================================================================

  Great. Works as expected.

  BUT! It rejects mail from "gateway.home.serebryakov.spb.ru" TOO!
==================================================================================
> telnet mail.serebryakov.spb.ru 25
Trying 195.131.4.140...
Connected to mail.serebryakov.spb.ru.
Escape character is '^]'.
220 ftp.translate.ru ESMTP Postfix (2.5.6)
EHLO gateway.home.serebryakov.spb.ru
250-ftp.translate.ru
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH DIGEST-MD5 CRAM-MD5 NTLM RPA
250-AUTH=DIGEST-MD5 CRAM-MD5 NTLM RPA
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: <b...@rejected.com>
250 2.1.0 Ok
RCPT TO: <l...@serebryakov.spb.ru>
550 5.7.1 <gateway.home.serebryakov.spb.ru>: Helo command rejected: Invalid 
HELO: it is me!
==================================================================================

  BUT WHY!? Of course, SQL statement with this parameter doesn't
return ANY result!

-- 
// Black Lion AKA Lev Serebryakov <l...@serebryakov.spb.ru>

Reply via email to