On Tue, Apr 08, 2025 at 09:08:12AM -0400, Phillip Susi via Postfix-users wrote:
> I have:
> 
> smtpd_helo_required = yes
> smtpd_helo_restrictions = reject_invalid_helo_hostname,
>                         reject_non_fqdn_helo_hostname,
>                         reject_unknown_helo_hostname

I would not recommend the last of these for outright blocking, perhaps a
few too many legitimate, but unsophisticated sending systems use EHLO
names that don't resolve.

> So I was very surprised recently when I started getting spam accepted
> that looks like it is giving a non routable literal IP HELO and it isn't
> being rejected.  How is this getting past the invalid and non fqdn helo
> checks?  Also it looks like it skipped MAIL FROM.  Isn't there a
> restriction to block that?

Postfix does not know which IPs are "routable", and which not.  All
IP literals are exempt from the above checks.

-- 
    Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to