Thomas Berger:
> And by the way: a permit_naked_ip_address in helo restrictions
> would only lead to an open relay, if the sender_restrictions are
> garbage, and this way, we will get an open relay anyway.
> We have tested this with a few different postfix versions today.
I am more concerned with open relay mistakes when permit_naked_ip_address
is used on smtpd_recipient_restrictions.
If you must allow bare IP HELO strings, you could use a PCRE
pattern:
/etc/postfix/helo_access.pcre:
/^\d+/ permit
The odds that some inexperienced admin will use this to become
an open relay are small enough.
Wietse
