Willy De la Court wrote:
> On Mon, 03 Aug 2009 11:14:10 +0200, Robin Smidsrød <ro...@smidsrod.no>
> wrote:
[snip]
> 
> rfc2821 contains the following
> 
>  -  the clarifications and applicability statements in RFC 1123 [2],
[snip]
> http://www.freesoft.org/CIE/RFC/1123/90.htm
> 
> where it states
> 
>  The sender-SMTP MUST ensure that the <domain> parameter in a HELO command
> is a valid principal host domain name for the client host. As a result, the
> receiver-SMTP will not have to perform MX resolution on this name in order
> to validate the HELO parameter.
> 
>  The HELO receiver MAY verify that the HELO parameter really corresponds to
> the IP address of the sender. However, the receiver MUST NOT refuse to
> accept a message, even if the sender's HELO command fails verification.
> 
> 
> So it seems it's not allowed to refuse msgs when the HELO is incorrect.
> 
>> The main.cf options I'm referring to are these:
>>
>> http://www.postfix.org/postconf.5.html#reject_non_fqdn_helo_hostname
>> http://www.postfix.org/postconf.5.html#reject_unknown_helo_hostname

My main.cf has these lines (among others):

smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
 permit_mynetworks,
 permit_sasl_authenticated,
 check_client_access mysql:$config_directory/sql/accept_bad_helo.cf,
 reject_invalid_helo_hostname,
 reject_non_fqdn_helo_hostname,
 reject_unknown_helo_hostname,
 permit

Does this mean that all of the reject rules are in fact not RFC-conformant?

The reason I mention reject_invalid_helo_hostname is that I'm unsure if
the IPv(4|6) address syntax is part of this rule (postfix version 2.5.5,
distributed with ubuntu 9.04).

What about the two other reject rules? As far as I can tell, they are
both non-conformant.

-- Robin
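
An added example (not part of the original message and not Postfix code): a Python summarizer that counts HELO rejections per reason and collects the client IPs behind them, which helps decide which senders belong in an exception table like the accept_bad_helo.cf lookup above. The log lines are constructed samples in the usual Postfix smtpd format; `SAMPLE_LOG`, `LINE_RE` and `summarize` are names chosen for this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines (not taken from the thread). With
# smtpd_delay_reject = yes, HELO rejections are logged at the RCPT stage.
# "reject_warning" is what Postfix logs when a restriction is prefixed
# with warn_if_reject, so it is logged but not enforced.
SAMPLE_LOG = """\
Aug  3 11:20:01 mx postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Aug  3 11:20:02 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<a@example.org> to=<u@example.net> proto=SMTP helo=<localhost>
Aug  3 11:21:10 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from relay.example.com[198.51.100.7]: 450 4.7.1 <mail.invalid.example>: Helo command rejected: Host not found; from=<b@example.com> to=<u@example.net> proto=ESMTP helo=<mail.invalid.example>
Aug  3 11:22:30 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<c@example.org> to=<v@example.net> proto=SMTP helo=<localhost>
Aug  3 11:23:45 mx postfix/smtpd[2103]: NOQUEUE: reject: RCPT from unknown[2001:db8::25]: 501 5.5.2 <bad_name!>: Helo command rejected: Invalid name; from=<d@example.org> to=<u@example.net> proto=SMTP helo=<bad_name!>
"""

# The reason text is captured generically (up to the first ';') rather than
# matched against a fixed list, so wording differences between versions
# do not break the parser.
LINE_RE = re.compile(
    r"NOQUEUE: (?P<action>reject_warning|reject): \w+ from "
    r"(?P<client>\S+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) .*?"
    r"Helo command rejected: (?P<reason>[^;]+);.*helo=<(?P<helo>[^>]*)>"
)


def summarize(log_text):
    """Return (Counter keyed by (action, reason), {client_ip: set of HELO names})."""
    by_reason = Counter()
    helo_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a HELO rejection line
        by_reason[(m["action"], m["reason"].strip())] += 1
        helo_by_ip[m["ip"]].add(m["helo"])
    return by_reason, helo_by_ip


if __name__ == "__main__":
    reasons, clients = summarize(SAMPLE_LOG)
    for (action, reason), count in reasons.most_common():
        print(f"{count:4d}  {action:15s} {reason}")
    for ip, names in sorted(clients.items()):
        print(f"{ip}: {', '.join(sorted(names))}")
```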
