On Thursday, March 26, 2009 at 21:29 CET,
Lev Serebryakov <l...@serebryakov.spb.ru> wrote:
> I have many virtual domains, stored in MySQL database. To reject
> some spam I check all HELOs not to be any of my domain (because it is
> fake HELOs for sure). I have such check written like this:
>
> smtpd_helo_restrictions = permit_mynetworks,
> permit_sasl_authenticated,
> reject_invalid_helo_hostname,
> reject_non_fqdn_helo_hostname,
> reject_unknown_helo_hostname,
> check_helo_access
> mysql:$config_directory/virtual_all_domains.cf,
> permit
>
> virtual_all_domains.cf contains this SQL statement:
>
> query = SELECT "550 Invalid HELO: it is me!" FROM domain WHERE name = '%s'
> AND active;
>
> Ok. It works. For example, here is 'serebryakov.spb.ru' domain in
> database, and it is active. Postfix rejects mail from such HELO:
[...]
> Great. Works as expected.
>
> BUT! It rejects mail from "gateway.home.serebryakov.spb.ru" TOO!
Yes. By default subdomains will be matched in access table
lookups. To disable this, remove smtpd_access_maps from
parent_domain_matches_subdomains. The lookup rules for
access maps is documented in access(5).
http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains
http://www.postfix.org/access.5.html
--
Magnus Bäck
mag...@dsek.lth.se
