> -----Original Message----- > From: owner-postfix-us...@postfix.org > [mailto:owner-postfix-us...@postfix.org] On Behalf Of Vincent Lefevre > Sent: Friday, April 01, 2011 12:47 AM > To: postfix-users@postfix.org > Subject: Re: SMTP client host name spoofing > > I really think it is a bad idea to use reject_unknown_helo_hostname. > Some machines sending mail are on a local network, so that resolving > their hostname doesn't make sense outside this network.
Those machines should be talking to a public-facing MTA that tolerates unqualified names; they shouldn't be talking to the public Internet with an unqualified name. But even then, sending a hostname without a domain name violates the SMTP RFC. In the face of such widespread abuse, I'm a fan of being as strict as possible. The RFCs also make specific admonitions against making filtering decisions based on HELO/EHLO, but a lot of people do it anyway (and for good reason).
