frantisek holop wrote:
> hmm, on Mon, Nov 09, 2009 at 09:49:16AM -0500, Brian Evans - Postfix List
> said that
>
>> frantisek holop wrote:
>>
>>> main.cf:
>>>
>>>
>>> smtpd_helo_restrictions =
>>> permit_mynetworks
>>> check_helo_access hash:/etc/postfix/client_checks
>>> reject_unlisted_recipient
>>> reject_invalid_helo_hostname
>>> reject_non_fqdn_helo_hostname
>>> reject_unknown_helo_hostname
>>>
>>> client_checks:
>>>
>>> # mailserver-with-invalid-helo.com
>>> aaa.bbb.ccc.ddd OK
>>>
>>>
>>>
>> Change check_helo_access to check_client_access.
>> helo access verifies what is passed with the HELO command (e.g. HELO
>> myserver)
>> client access verifies the IP of the connecting server
>>
>> You can include client checks in helo_restrictions per
>> http://www.postfix.org/postconf.5.html#smtpd_helo_restrictions
>>
>
> thanks for the cluestick. i moved that particular check into
> smtpd_client_restrictions as whitelisting these clients is "absolute",
> not just because they can't handle their own HELO.
>
> -f
>
No.
Leave it in smtpd_helo_restrictions or the offending checks will still fail.
Whitelisting is only valid per class. Moving it to client_restrictions
will give the same problem.
You want to change *what* you are checking, not *where*.
