I have the following:
main.cf in smtpd_recipient_restrictions:
check_helo_access pcre:$config_directory/helo_checks.pcre,
in helo_checks.pcre:
/(lan|home|example|local)$/ REJECT Mailserver name in
private namespace
but in logs:
May 23 14:48:17 mail postfix/smtpd[30899]: NOQUEUE: warn: RCPT from
201-88-100-143.gnace704.dsl.brasiltelecom.net.br[201.88.100.143]:
Dynamic DSL looking address; from=<subsidize...@maww.com> to=<consorti...@domain3.example
> proto=ESMTP helo=<speedtouch.lan>
OK? But the line with that reject notice is in check_client_fqdn.pcre,
which is AFTER check_helo_access
/\.(dsl|\d+dsl|dsl\d+)\./ REJECT Dynamic DSL
looking address
from postonf -n:
smtpd_recipient_restrictions = reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_invalid_hostname, permit_mynetworks, check_client_access hash:
$config_directory/pbs, permit_sasl_authenticated,
reject_unauth_destination, reject_unlisted_sender, check_client_access
cidr:/var/db/dnswl/postfix-dnswl-permit check_helo_access pcre:
$config_directory/helo_checks.pcre, check_sender_access pcre:
$config_directory/sender_access.pcre, check_client_access pcre:
$config_directory/check_client_fqdn.pcre, check_recipient_access pcre:
$config_directory/recipient_checks.pcre, check_client_access hash:
$config_directory/access, reject_rbl_client zen.spamhaus.org, permit
shouldn't that helo from .lan be hitting the helo restriction before
it even gets to the fqdn lookup? Or hitting the
reject_non_fqdn_sender? Why's it falling all the way
check_client_fqdn.pcre?
--
Spontaneity has its time and place.
